The CIA triad" is also called as "the 3 pillars of security"
CIA stands for Confidentiality Integrity Availability.
CONFIDENTIALITY: only authorized personnel can access the data, but unauthorized personnel can't access the data.
Here encryption and steganography maintains the confidentiality.
- encryption: encryption provides the confidentiality and helps to ensure that data is viewable only by authorized users. The encryption element includes 2 elements:
- algorithm: the algorithm performs mathematical calculations on the data. the algorithm is always the same.
- key: the key is the number that provides variability for the encryption. it is either kept private or changed frequently.
steganography: it is the practice of hiding the data within the data. for example, you can embed a hidden message in an image by modifying certain bits within the file. if other people look at the file, they won't notice anything. however, if other people know what to look for, they ill be able to retrieve the message.
INTEGRITY: integrity provides assurances that data hasn't changed. this includes ensuring that no one has modified, tampered with or corrupted the data. Ideally only authorized users modify data. however, there are times when unauthorized changes occurs.This can be from unauthorized users, from malicious malware. when this occurs, the data has lost integrity. hashing verifies integrity.
hashing: a hash is simply a number created by executing a hashing algorithm against data, such as a file or message.as long as the data never change, the resulting hash will always be the same. by comparing 2 hash values you can determine if the original data is still the same. if the hashes are the same, thedata is the same. if the hashes are different, the data has changed.
AVAILABILITY: availability indicates that data and services are available when needed. for some organizations, this simply means that the data and services must be available 24hrs a day every year.
here patching verifies the availability.
patching: its a method ofensuring systems stay available is with patching. software bugs cause a wide range of problems, including security issues and even random crashes. when software vendors discover the bugs, they develop and release code that patches or resolves these problems.