CIA Triad in Personal Data Security

Confidentiality

This is very similar to privacy. Procedures are put in place to stop sensitive information from reaching the wrong people and making sure the right people get it. Access must be restricted to those allowed to look at the specific information. It is likely data would be categorized on the amount and type of damage it could do if an unauthorized user reached it. This is so secure and precise measures can be implemented based on the assorted categories.

Sometimes training in safeguarding information is needed, this can be familiarizing people with how to make stronger passwords and various social engineering methods used.

An example of a confidentiality method used is an account / routing number used when banking online. Another method used Is data encryption. While user IDs and password and considered normal standard practice; two-factor authentication is much more secure and is been used a lot more now. Other options could be biometric verification and security tokens, soft tokens and key fobs.

Get quality help now

Sweet V

Verified writer

Proficient in: Security

4.9 (984)

“ Ok, let me say I’m extremely satisfy with the result while it was a last minute thing. I really enjoy the effort put in. ”

+84 relevant experts are online

Hire writer

Also users can minimize where their data appears and the number of times it is transmitted to complete a required transaction. For extremely sensitive documents extra precautions for storing such as only using air gapped computers (isolating a computer and preventing it from establishing an external connection), disconnected storage devices or, if there’s highly sensitive information, only using a hard copy may be used.

Integrity

This is the act of making sure the consistency, trustworthiness and accuracy of data over its entire life cycle is maintained.

Data must not be altered during transit, and measures need to be taken to ensure data cannot be changed by unauthorized people. The measures used can be implementing file permissions and user access controls. Version control can prevent accidental deletion or erroneous changes by authorized users. Also some protective measure must be in place to detect any changes to data that could happen due to non-human caused events such as a server crash or electromagnetic pulse. Some data could include checksums (this is the number of bits in a transmission unit so the receiver can check to see if the same number of bits arrived.) for verification of integrity. If data is altered, backups or redundancies will be needed to restore the data to its correct state.

Availability

Availability is kept intact by rigorously maintaining all hardware, making sure the operating system is functioning correctly and free of software conflicts and performing hardware repairs as soon as they’re needed. Also it’s important to update software as often as possible.

Equally important is making sure there’s sufficient bandwidth and stopping the potential of bottlenecks occurring. When hardware issues do occur, RAID, failover, redundancy and high-availability clusters can minimize serious consequences. For the worst case situations, fast and adaptive disaster recovery is necessary and the capacity saved is reliant on a comprehensive disaster recovery plan. Unpredictable events like fire and natural disasters can lose data if safeguards against data loss / interruptions in connections do not include methods for these unpredictable events. To stop data loss from these occurrences, a backup copy could be made and stored in a different location, maybe in a fireproof / waterproof safe. Denial of service (DoS) attacks and network intrusions can be prevented by the use of firewall and proxy servers.