by incomingpain 1356 days ago
As a security guy, we are taught the CIA triad early and it's easy to forget.

The A stands for availability and if you don't make things available, you're failing at your own job.

Well, that depends. You certainly want to ensure the availability of the information under your remit isn't compromised by a threat actor, but reducing your attack surface by, say, shutting down external internet access is certainly a valid mitigation in some circumstances.
CI = ??
I didn't know either, so I looked it up: The three initials stand for the three most important IT protection goals, often referred to as the "pillars of data security":

Confidentiality,

Integrity,

Availability.

There are other IT protection goals, including authenticity, privacy, reliability, and (non)repudiation.

>authenticity, privacy, reliability, and (non)repudiation.

These fall under integrity, confidentiality, availability, and integrity respectively! The CIA triad is pretty comprehensive!

I think CIA covers everything in the list, right?

Authenticity and non-repudiation fall under integrity.

Privacy falls under confidentiality.

Reliability in context is another word for availability.

Confidentiality, Integrity