Answer – Confidentiality, Integrity, and Availability
The right answer to “What are the three goals of cybersecurity?” is the CIA Triad. CIA is also referred to as Confidentiality, Integrity, and Availability. These servers as the principal for protecting digital information and systems. Let’s look at all three of them in detail for better understanding.
The very first goal of the CIA Triad is Confidentiality which in simple terms is all about protecting and keeping personal as well as sensitive information private. This is to make sure only the right or authorized person has access to it. This is important on many different levels such as keeping the trust of users and to safeguard their crucial data from falling into dangerous hands.
We live in a world where we share data more than we share food or water. There are various ways through which these shared and stored data can be protected within a network and these include access control, data classification, and encryption.
Encryption – It is the process of changing data format into unreadable format which can only be brought back using appropriate decryption key. The process makes it very difficult for third parties to intercept and access during the data flow within a network. Some of its examples are SSL (Secure Socket Layer), TLS (Transport Layer Security), and others.
Access Control – It is a tool to make sure only the authorized personnel can use the specific systems and information. You can get this through the means of user authorization, authentication, and role-based access control. Using this technique will limit the exposure of sensitive data as well as prevent unknown entities from accessing the system.
Data Classification: In the confidentiality pillar, you can assign the data according to their sensitivity. As you know, not all the data of a system is as important as others therefore assigning security to different types of data can be done through data classification. This means you have less protection for public resources and more protection for highly important resources.
In the CIA Triad, the second pillar is for “Integrity” which works on having accuracy and reliability of system and data. It is to make sure that malicious third party has not changed, tampered or corrupted the data. If data integrity is not looked at then it can lead to various consequences such as damage to one’s reputation, financial losses, etc.
Data Integrity is especially important to sectors where the number of data is very huge and accuracy is crucial like finance, healthcare, government, etc. Many cybersecurity experts achieve this by using numerous mechanisms like version control, data validation, checksums, and hashing.
Version Control – This is what the name suggests, a system put in place to maintain the history of all the modifications made to the code or file. Almost all organizations use this to have a track record of changes made by which individual, at what time as well as the option to go back to the previous version in case of emergency.
Data Validation – It checks whether the received or stored data is accurate and complete. This is very important to ensure that the entered data hasn’t been tampered with and is valid. For example, big webpages check the user input to prevent any SQL injection attacks.
Checksum and Hashing – This makes a unique identifier commonly known as a hash value for a set of data. It is to ensure that all the changes made with the set of data or information will create a new hash value that is completely unique to its original value. This makes it very easy to see and verify any unauthorized changes made.
The third and the last pillar in CIA Triad is “Availability” and it focuses on making sure that the sent and received information is usable and accessible when needed. Any hindrance caused by a cyberattack, failure of the system, or any other disruption can be disastrous. This part is important to maintain the constant flow of data where time has a much bigger value than anything else.
You can have different measures set up to make sure of the availability such as redundancy, disaster Recovery, and Load Balancing.
Redundancy – This is the process of setting up a backup system or the availability of additional components to take over in case of emergency or when the core system fails. Let’s take a simple example to understand this, most of the data centers have extra storage, power supplies, and internet connection to reduce the downtime.
Load Balancing – It is the process of distributing workloads and traffic in the network with multiple servers to reduce the chances of overloading of any single component. This is used where there is a prediction of increased demand so that the system can handle it if that situation arises.
Disaster Recovery – These plans have all the required instructions of what to do if an extreme situation occurs including cyberattacks or any natural disaster. It has steps for data backup, system failovers, and communication protocol to have less downtime and data loss.
Confidentiality, Integrity, and Availability also known as CIA Triad is the correct answer to “What are the three goals of cybersecurity?”. Including all these measures will ensure that you or your organization can work without having to worry about your data security all the time. You will also need to assess your particular situation and maintain an equal balance between all these three to have a well-rounded system to reduce cyber threats and data loss.