Today I want to talk about something called the Triad CIA, which are the tree main goals of security.
Each one of them, Confidentiality, Integrity, and Availability are not the same and can cause some confusion. But fear not, I am here in order to explain in the easiest way the main differences.
First of all is Confidentiality, this is probably the first one to come in your mind when talking about security. It is just to protect your stuff from unauthorized disclosure, I means that none should be able to see your secrets without your consent.
You could think: that’s it! Everything in security is confidential so why you talk about the other tree? Well, it is not entirely true. You can have security with little confidentiality. Just think about a web page with just information about a touristic place. It has nothing else than information and anyone can see it, so: why is it secure with little to no confidentiality? I can respond this with the following concept.
Integrity is a wat that we protect an asset from unauthorized changes. Or in other words, only certain people are permitted to modify the data. We can see how in my previous example of the information only web can be secure if its integrity is preserved, it means that we can implement methods to ensure that only the administrators can change the web.
Another goal, it means that security must try to accomplish a data accessible and reliable. In my previous example, it means that the web should be up as often as possible. This is the easiest of the three goals to understand, but maybe the hardest because of the trade-offs implied. Just think about it, the easiest way to have availability is to make a copy of something and have many back-ups, but you really want to have multiple copies of your password all over the internet?
Every Security system implemented has this three goals in mind, but cannot satisfy all three of them completely. You must analyze which system fulfills better your needs in order to become secure.