CIA stands for Confidentiality, Integrity, and Availability and is a widely recognized model used to assess and ensure the security of information and data.

📑 Confidentiality focuses on protecting sensitive information from unauthorized access or disclosure. Measures such as encryption, access controls, and data classification are implemented to maintain confidentiality. The Equifax data breach in 2017 exposed sensitive personal information, including Social Security numbers, of approximately 147 million individuals. The breach occurred due to a vulnerability in Equifax’s website, allowing hackers unauthorized access to confidential data.

📑 Integrity ensures that data remains accurate, complete, and unaltered. Techniques like checksums, digital signatures, and data validation mechanisms are employed to detect and prevent unauthorized modifications or tampering. The Stuxnet worm, discovered in 2010, specifically targeted industrial control systems (ICS) and was designed to disrupt Iran’s nuclear program. It compromised the integrity of the systems by modifying the code in programmable logic controllers (PLCs) and causing physical damage to centrifuges.

📑 Availability ensures that authorized users have access to information and systems when needed. Measures like redundancy, backups, disaster recovery plans, and robust infrastructure are implemented to minimize downtime and ensure continuous access. In 2016, the Mirai botnet launched distributed denial-of-service (DDoS) attacks against Dyn, a major DNS provider. The attacks resulted in widespread service disruptions, causing popular websites like Twitter, Reddit, and Netflix to become inaccessible for a significant period.

The CIA triad serves as a fundamental framework in designing and evaluating the security of systems, networks, and data in cybersecurity.