How do you identify problem areas in your security policies? How do you quickly fix information security against cyber threats? For this we use what is known as the CIA Triad. Don't confuse it with the Central Intelligence Agency, the U.S. government agency that maintains national security from around the world. This CIA is a security model used to determine the status and level of an organisation's current security situation. It also helps people working in various parts of IT security. The CIA Triad is sometimes referred to as the AIC Triad to avoid confusion with the U.S. government agency.
Now let's take a more detailed look at what CIA is. CIA is an acronym that stands for Confidentiality, Integrity and Availability. An organisation implements the CIA Triad in its security governance because it needs a set of specifications to describe and understand security in the IT environment.
Confidentiality is basically privacy: it exists to prevent private and sensitive information from reaching unauthorized people. Authorization to access the company's private and sensitive data must be restricted to a certain level, such as board members only. The company can put methods such as passwords or limited-access cards into action to secure private and sensitive data.
Integrity means the organisation's data is free from any alteration or modification by unauthorized people. Even when someone does modify the data, the alteration can be identified and phased out to secure the integrity of the data. Regular data backups allow damaged data to be recovered to its correct state.
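The two controls in the integrity paragraph, identifying an alteration and recovering from backup, can be sketched as follows. This is an added example, not code from the original article; the use of SHA-256 digests as the detection method, the function names and the sample files are all assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root):
    # Record a SHA-256 digest per file while the data is in a known-good state.
    # Keep the result somewhere the people who can edit the data cannot write.
    root = Path(root)
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def find_alterations(root, baseline):
    current = build_baseline(root)
    return {
        "modified": [n for n in baseline if n in current and current[n] != baseline[n]],
        "missing": [n for n in baseline if n not in current],
        "unexpected": sorted(set(current) - set(baseline)),
    }

def restore_from_backup(root, backup, baseline, report):
    # Copy back only backup files whose digest still matches the baseline,
    # so a damaged or altered backup is never restored over live data.
    restored = []
    for name in report["modified"] + report["missing"]:
        src = Path(backup) / name
        if src.is_file() and digest(src) == baseline[name]:
            dest = Path(root) / name
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dest)
            restored.append(name)
    return restored

def demo():
    # Constructed sample data in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "ledger.csv").write_text("account,balance\n1001,250.00\n")
        (live / "policy.txt").write_text("board members only\n")
        baseline = build_baseline(live)
        shutil.copytree(live, backup)
        (live / "ledger.csv").write_text("account,balance\n1001,999.00\n")  # altered
        (live / "policy.txt").unlink()                                      # deleted
        report = find_alterations(live, baseline)
        restored = restore_from_backup(live, backup, baseline, report)
        return report, restored, find_alterations(live, baseline)
```

Calling `demo()` returns the alteration report, the list of restored files, and a second report taken after the restore, which should be empty.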
The last component of the CIA Triad is Availability. Availability is the guarantee that data is available and can be accessed when needed. A company that can't access its own data is not secure. For example, a banking organisation should always be able to access its client data so that all processes run smoothly. So it is crucial to make sure all operating systems in the organisation are updated and free from cyber risks that can affect the data.
The conclusion from this discussion is that good security governance requires taking this security model, the CIA Triad, into consideration. Confidentiality, integrity and availability all play the same role in helping to lessen cyber risk in the organisation.
Feel free to contact E-SPIN for security governance and governance-risk-compliance (GRC) solution requirements and project matters.