CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered the basis for all information security models. Confidentiality, integrity, and availability are crucial to ensuring the security of information and information systems. Each of the three parts is essential: the model cannot guarantee the security of information and information systems if even one part fails. Let’s look at what makes each of these three components unique and what role each plays.
CIA triad #1 – Confidentiality
Confidentiality is a necessary measure for controlling the security of information and information systems, and it directly affects the other parts of the CIA triad. The simplest explanation is that information must be accessible only to those who have the right to access it. You may have heard of the Principle of Least Privilege (POLP): it states that a user of an information system must be able to access only the information that is necessary for regular use of the system and for a legitimate purpose.
Confidentiality and the Principle of Least Privilege are used in practically all information systems. For example, WordPress can have various users with various rights. This guarantees two things: a) each user has a personal account that only they can access and manage, and b) each user can access only the information they are allowed to access.
Confidentiality must also ensure that other sensitive information stays hidden. Just imagine what could go wrong if your WordPress configuration file, database, or even PHP information became visible to everyone. It makes reconnaissance easier for a potential attacker and lets them almost skip the first step of the “cyber kill chain”, since the basic information needed for the attack is available without deeper, time-consuming research. Properly limiting the availability of such information can protect you from potential cyber attacks.
CIA triad #2 – Integrity
Data is only valuable if it is correct and unchanged. Data integrity means that information is not altered in any way by an unauthorized person. Here is a simple example: imagine that you have one million dollars in your bank account and someone manages to change the records in the bank database, reducing your savings to only one dollar just by deleting a few digits. We can safely say that data integrity is the cornerstone of the reliability of data and information systems.
The smallest changes can have a massive impact on information and on the operation of information systems. For example, say you run a WooCommerce-based online store and someone manages to change the price of a product in your shop from 99 USD to 9 USD: one deleted digit makes a huge difference and could generate huge losses for your business.
Don’t think that you only need to ensure the integrity of database information. The integrity of your WordPress and WooCommerce source code, or that of any other software, is just as important. Altered software source code can also lead to huge problems: attackers make such changes to inject malware or other unwanted software such as keyloggers, web shells, and similar tools in order to gain access to your system, your data, and your users’ activity, stealing their credit card numbers, account passwords, and more.
In summary, ensuring data integrity guarantees system reliability, and regularly checking data integrity allows you to identify a potential intrusion into your system.
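As an added example (not code from the original post), the following script shows the kind of integrity check the previous two paragraphs describe: it records a SHA-256 baseline of the PHP and JavaScript files under a WordPress directory and later reports which files were modified, added, or removed. The directory layout and file contents are constructed inside the script purely for demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_hash(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, suffixes=(".php", ".js")) -> dict:
    """Map every source file under root (relative POSIX path) to its hash."""
    return {
        p.relative_to(root).as_posix(): file_hash(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix in suffixes
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    """Persist the baseline as JSON; keep this file outside the web root so a
    successful intruder cannot simply rewrite it to match the tampered files."""
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between the stored baseline and a fresh scan."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: a tiny fake WordPress tree, a baseline, then a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wordpress"
        (root / "wp-includes").mkdir(parents=True)
        (root / "wp-includes" / "functions.php").write_text("<?php function wp_ok() {}\n")
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        baseline = build_baseline(root)
        save_baseline(baseline, Path(tmp) / "baseline.json")  # stored next to, not inside, the site
        # Simulate the alterations the post warns about (constructed, non-functional content).
        (root / "index.php").write_text("<?php /* tampered */ require 'wp-blog-header.php';\n")
        (root / "wp-includes" / "unexpected.php").write_text("<?php /* file not shipped with WordPress */\n")
        return compare(baseline, build_baseline(root))
```

Running `demo()` returns `{"modified": ["index.php"], "added": ["wp-includes/unexpected.php"], "removed": []}`; in practice the baseline would be rebuilt after each legitimate update and the comparison run on a schedule.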
CIA triad #3 – Availability
It is important to make sure that the information and the information system are accessible to authorized users and viewers at all times. Attacks such as Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) are used by attackers to make your information system and its information inaccessible to users and viewers. It’s a prominent topic and a real problem. However, there are many measures, such as a Web Application Firewall (WAF), a Content Delivery Network (CDN), and others, that can protect your WordPress site or WooCommerce store from these types of attacks.
Availability also means that your information system and information must be accessible with an acceptable user experience. If you apply security measures that ultimately ruin the user experience and hinder access to the data by asking users to pass through a large number of security steps, users will regard the system as practically unavailable and inaccessible.
The CIA triad is an excellent framework for evaluating and hardening the security of your WordPress sites and WooCommerce stores. Its three parts depend on each other and provide a solid foundation for the protection of your information and information systems. Each measure can reduce the likelihood of a successful attack. Just remember that excessive use of security measures may make your information or information system unavailable to your users.