CIA(NA)

Na, not that CIA.

CIA, in the context of information security, stands for Confidentiality, Integrity, and Availability. They are known as the pillars of information security for good reason, as basically all security processes are designed around protecting one or more of these things. The foundational question of all security is "How can I be sure that the CIA triad is preserved?"

However, I think that the CIANA acronym provides a little bit more context and is more useful for us. CIANA stands for Confidentiality, Integrity, Availability, Non-Repudiation, and Authentication. It's much less common (basically only taught in the military, but I think it is useful).

Let's break them down.

Confidentiality

Confidentiality might be the one that springs to your mind first because we think of protecting information as so important to the field that we named ourselves after it: information security. Ensuring that data is kept secret is what this is all about.

Integrity

Something you might not have expected is integrity. This is the term we use to describe what it means to preserve the contents of data and ensure it has not been altered. By ensuring information isn't tampered with as it goes across the network or sits in a database, the modern world can trust the data presented to it.

Availability

It doesn't matter if the data is secret and not tampered with if nobody can access it. Providing availability is critical to ensuring that the world can benefit from the information.

Now it is time for the optional ones.

Non-Repudiation

Alright, this one is weird, and a lot of people don't like it. But for me, this is useful because we can use it to explain some of the harder concepts that you'd have to stretch the other pillars to cover. Non-repudiation is simply the assurance that when an action is taken, it is possible to prove that the action was taken by that person. It combines the pillars of Authentication and Integrity into one concept. This is critical in things like digital signatures, forensics, and generally trust in other people around the internet.

Authentication

Authentication is where all of this comes together. Someone or something is allowed to look at data, and someone or something is allowed to alter the data. Authentication provides the means to determine who is allowed to look at and do what.

Task: For each pillar, submit the word, the definition, and a way that it applies to your email account.