The CIA Triad
The fire triangle is a triangle of requirements for fire to exist or continue. Its three sides are oxygen, heat and fuel. For instance, if there is not enough heat in an area, the fuel cannot reach its ignition temperature and a fire cannot start. Equally, if there is no oxygen then combustion cannot take place.
This model is used to teach pupils at schools how to stop fires in their homes and to teach firefighters how to extinguish fires.
There is a similar model in web security called "The CIA Triad". Properly it should be referred to as "The C.I.A. Triad", because CIA is an acronym. The letters stand for the three parts of the triangle. These are:
Confidentiality, Integrity and Availability.
Without all three of these parts, the security of a system is breached.
To start with, I am going to explain confidentiality.
Confidentiality is making sure that the data on a system is only visible to people with the correct access rights. This is the area which is most obvious to computer users, e.g. having a password to log on to a computer. There are many ways of protecting it, such as encryption.
It can be compromised in many ways: for instance, in web applications there is SQL injection, which retrieves data from a database without authorisation, and on networks there is packet sniffing.
The next word in the acronym is integrity.
This is making sure that the data received is the data which the sender meant to send. For instance, in web applications a website which logs referers relies on the fact that the referer is the real referer and not one which has been spoofed to cause damage to the website (cough, system_meltdown's HoF for Real 8, cough). There is also the more basic threat that the data has been destroyed in transmission, i.e. packet loss.
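As an added illustration of the integrity property (example code, not part of the original article), the following Python contrasts a plain checksum, which only catches accidental damage such as corruption in transmission, with an HMAC, which also catches deliberate alteration because a valid tag needs a shared secret key. The key and the messages are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed shared key for the example; a real key is provisioned out of band and kept secret.
SECRET_KEY = b"example-shared-key-not-for-production"


def crc_tag(message: bytes) -> int:
    """Checksum: detects accidental corruption (bit flips, truncated packets) only."""
    return zlib.crc32(message)


def verify_crc(message: bytes, tag: int) -> bool:
    return zlib.crc32(message) == tag


def hmac_tag(message: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Message authentication code: a party without the key cannot produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(message: bytes, tag: bytes, key: bytes = SECRET_KEY) -> bool:
    # compare_digest is a constant-time comparison, so the check does not leak timing information.
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)


def demo() -> dict:
    # Constructed sample messages: what the sender meant to send, and an altered copy.
    original = b"referer=https://example.invalid/page"
    altered = b"referer=https://example.invalid/other-page"

    crc = crc_tag(original)
    mac = hmac_tag(original)
    return {
        # Both schemes notice when the data changes but the tag does not (e.g. damage in transit).
        "crc_accepts_original": verify_crc(original, crc),
        "crc_rejects_altered": not verify_crc(altered, crc),
        "hmac_accepts_original": verify_hmac(original, mac),
        "hmac_rejects_altered": not verify_hmac(altered, mac),
        # Only the HMAC survives a deliberate change: anyone can recompute a CRC over altered
        # data, but a tag computed with the wrong key is rejected by the receiver.
        "crc_accepts_recomputed": verify_crc(altered, crc_tag(altered)),
        "hmac_rejects_wrong_key": not verify_hmac(altered, hmac_tag(altered, b"other-key")),
    }
```

Every entry returned by `demo()` is `True`, which is the point: the checksum is an integrity check against accidents, the HMAC is one against both accidents and a dishonest sender.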
The final word in the acronym is Availability.
This requires that the resources of the system are available for use. This means that the computer can process data at a speed that keeps the system running.
The obvious problem here is denial of service (DoS) attacks against systems.
To summarise: for a system to be secure, data must not be visible to unauthorised subjects, data must be free of malicious alteration, and the system must still be functioning normally.