Sunday, 9 September 2012

CIA & InfoSec

Information security refers to the security triad of Confidentiality, Integrity and Availability, which is a widely used Information Assurance model.



  • Confidentiality - restricting access to assets to those who need it.
  • Integrity - preventing unauthorised modification of data.
  • Availability - the assets can be accessed by those who are authorised when they require it.

The CIA Triad is a simple model of information assurance, and there have been a number of extensions to it. The three most common augmentations are Authenticity, Accountability and Non-repudiation:


  • Authenticity - verification of the identity
  • Accountability - assurance of a transaction by providing auditability
  • Non-repudiation - assurance of the transaction by validity of the transaction

Information security is the provision of controls to ensure the protection of the information assets of an organisation in such a way that the function of the organisation is not impeded. It must meet the requirements of the organisation. It should protect against both accidental and malicious threats, whether these are natural or man-made in origin.
