IT | A Comprehensive View on CIA Triad


By Suhail Qadir and S. M. K. Quadri
 Department of Computer Sciences, University of Kashmir, Srinagar, India

Figure 1: Classical CIA triad of Information Security


Among the threats to Information Security, the denial-of-service (DoS) attack continues to be a threat today in the form of the much bigger and more destructive DDoS. The main aim of DoS attacks, as we know, is to render an information resource unavailable; in simpler terms, the main target is Information Availability.

Given the threat of DoS, there is a demand to study, research and analyse Availability for a better understanding of “Availability as a security attribute”, all the more so because Confidentiality and Integrity are the most researched and studied attributes of Information Security. The paradigm needs to shift from a state of Sustainable Information Availability to a state of providing complete Availability, as unavailability is not an option in today’s context, given the heavy dependence of the modern world on information resources and the demand for delivery of services in a timely and reliable manner.


To achieve this, security practitioners need a much better understanding of Information Availability and need to study the factors that determine Availability and can influence it under certain conditions (i.e. a DoS attack). This will help security practitioners analyse the impact of each factor within the context of their enterprises and determine the changes, if necessary, that will achieve the goal of Availability of the organization's critical resources (logical and physical IT resources).

Availability of information, as already mentioned, is the least discussed and researched attribute of Information Security. But this certainly does not mean that it is the least important attribute of Information Security. In fact, it plays an important role in determining the other attributes of Information Security (Confidentiality and Integrity), because these two attributes are directly dependent upon Availability.

The CIA triad, comprising Confidentiality, Integrity and Availability, is the heart of Information Security. Everything in Information Security revolves around these three security attributes. The CIA triad is the basic model of Information Security, and there exist other models that have the attributes of the CIA triad in common. In Figure 1 and Figure 2, two versions of the CIA model of Information Security are given; the first one is the good old CIA triad that we see everywhere in theory and practice.


Figure 2: Modified and more realistic CIA triad of Information Security

The second one, which we are vouching for, is the more realistic one; it shows the dependence of Confidentiality and Integrity on Availability.

The classical CIA triad raises a serious question: it treats all three attributes of security as equal, whereas in practice there exists a dependence. The dependence is that we can have Availability even if we don’t have Confidentiality and Integrity; however, we cannot have Confidentiality and Integrity if we do not have the information available (i.e. Availability) whenever and wherever we need it.

Imagine that the authorized users of information cannot access it and cannot use it: who needs Confidentiality and Integrity then? How can we apply advanced methods of data encryption, or methods of access control, when there is either no access or delayed access to information? All of these come into the picture only when authorized users have access to information and related resources when they need it.

Therefore, in spite of the fact that Information Availability is the most ignored and least researched part of Information Security, it is as important and as necessary a component of Information Security as Confidentiality and Integrity are; in fact, it forms the ground for the other security attributes, and without it no security attribute can be applied.


This article is an excerpt from a technical paper titled "Information Availability: An Insight into the Most Important Attribute of Information Security", originally published in the Journal of Information Security, Vol. 07 No. 03 (2016), Article ID: 65521, 10 pages, 10.4236/jis.2016.73014, under the following copyright clause: Copyright © 2016 by authors and Scientific Research Publishing Inc., licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/

