Confidentiality, availability and integrity, known as the CIA triad, are considered the most vital parts of security.

Confidentiality is the assurance the information is not disclosed to unauthorised individuals, processes or devices while making sure authorised personnel can.

The confidentiality of data can be adhered to by utilising strong complex passwords, two-factor authentication and information relating to combatting social engineering attacks. Failure to maintain confidentiality means an individual has accessed sensitive data they are unauthorised to see.

Integrity ensures that the data is stored accurately and contains no unauthorised modifications.

Software flaws, loose access controls and vulnerabilities can lead to accidental losses in data integrity. An example of a loss of integrity is when an individual attempt to access one page and gets redirected to a different malicious page. Measures to protect the integrity of data can include file permissions, version control and access controls, intrusion detection, and hashing can combat the threat of loss of integrity.

READ MORE: How intruder detection systems operate

Availability means the information systems must be accessible to users for these systems to provide any value.

Ideally, systems should be able to recover from disruptions in a timely manner. Availability of data can be hardened by ensuring that all software updates are adhered to, and redundancy designs should be used so that if a system fails, back-ups will be in place to ensure the data can be quickly recovered. An additional measure is to implement DDOS mitigation techniques to reduce the effectiveness of this attack and increase the likelihood of the system remaining online. An individual unable to access a website is an example of availability being compromised.

Some assets have a critical confidentiality requirement (company trade secrets), some have critical integrity requirements (financial transaction values), and some have critical availability requirements (e-commerce web servers).