The three-pillar approach to cyber security: Data and information protection (2024)


Data and information protection comprise the third and most important pillar of a sound cyber security strategy. It is crucial to consider the ‘CIA triad’ when deciding how to protect our data.

The third pillar is data and information protection

This is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are ‘people’ and ‘process’. The last pillar is ‘data and information’.

Data and information protection is the most technical and tangible of the three pillars. The data we gather comes from multiple sources, such as information technology (IT), operational technology (OT), personal data and operational data. It must be properly managed and protected every step of the way.

What is the CIA triad?

When we discuss data and information, we must consider the CIA triad. The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

The three components of the CIA triad are discussed below:

  1. Confidentiality: This component is often associated with secrecy and the use of encryption. Confidentiality in this context means that the data is only available to authorized parties. When information has been kept confidential it means that it has not been compromised by other parties; confidential data are not disclosed to people who do not require them or who should not have access to them. Ensuring confidentiality means that information is organized in terms of who needs to have access, as well as the sensitivity of the data. A breach of confidentiality may take place through different means, for instance hacking or social engineering.
  2. Integrity: Data integrity refers to the certainty that the data has not been tampered with or degraded during or after submission. It is the certainty that the data has not been subject to unauthorized modification, either intentional or unintentional. There are two points at which integrity could be compromised: during the upload or transmission of data, or during the storage of the document in the database or collection.
  3. Availability: This means that the information is available to authorized users when it is needed. For a system to demonstrate availability, it must have properly functioning computing systems, security controls and communication channels. Systems defined as critical (power generation, medical equipment, safety systems) often have extreme requirements related to availability. These systems must be resilient against cyber threats, and have safeguards against power outages, hardware failures and other events that might impact the system availability.

Stability, availability and security

Availability is a major challenge in collaborative environments, as such environments must be stable and continually maintained. Such systems must also allow users to access required information with little waiting time. Redundant systems may be in place to offer a high level of fail-over. The concept of availability can also refer to the usability of a system.

Information security refers to the preservation of integrity and secrecy when information is stored or transmitted. Information security breaches occur when information is accessed by unauthorized individuals or parties. Breaches may be the result of the actions of hackers, intelligence agencies, criminals, competitors, employees or others. In addition, individuals who value and wish to preserve their privacy are interested in information security.

The CIA triad describes three crucial components of data and information protection which can be used as guides for establishing the security policies in an organization. Establishing and maintaining the organization’s security policies can be a daunting task, but using the three-pillared strategic approach to cyber security can help you identify and manage cyber security risks in a methodical and comprehensive manner.



Author: Frankie Dare
