CIA-Trinity is an abbreviation for confidentiality, integrity, and availability. It is considered to be the basis for all information protection models. Confidentiality, integrity, and availability are crucial to ensuring the protection of information and information systems. Each of the three CIA-Trinity parts is essential and this model can’t assure the protection of the information and information systems if one of the pieces fails. Let’s see how unique these three components are and what role they play.
Confidentiality is an essential measure for protecting information and information systems, and it can directly affect the other parts of the CIA-Trinity. At its simplest, it means that information must be accessible only to those who have the right to access it. You may have heard of the Principle of Least Privilege (POLP), which states that an information system user must be able to access only the information that is needed for regular use of the system and for a legitimate purpose.
Confidentiality and the Principle of Least Privilege are employed by almost all information systems. For instance, if a WordPress website has different clients with different rights, then it guarantees two things.
- Each client has its own customized account, which can only be operated by the client.
- Each client can have limited access to the list of archives.
Confidentiality must also ensure that other sensitive information is hidden. Just imagine what could go wrong if your WordPress configuration archives or even PHP information became visible to everyone. It would make the task of a potential Cyber-Criminal extremely easy: he could skip the first technique of cyber-infiltration entirely, because he would already have all the primary information required to implement an infiltration, without spending time on deeper and time-consuming research. Properly limiting the availability of information can protect you from potential cyber-infiltrations.
Archives are only valuable if they are correct and unchanged. Integrity means that information is not altered in any way by an unauthorized person. For example, imagine that you have one million dollars in your bank account and someone manages to change the records in the banking archives and reduce your savings to only one dollar just by deleting several symbols. We can safely say that archive integrity is the cornerstone of the reliability of archives and information systems.
Even the smallest changes can have a massive impact on information and on the work of information systems. For instance, suppose your online store is based on WooCommerce and some unknown people succeed in changing the price of various products in your shop from 999 USD to 9 USD. One deleted symbol can create an immense difference and produce heavy losses for your business.
Don’t assume that integrity is the only thing that you require to ensure the protection of archive information. However, the integrity of the source code of WordPress, WooCommerce or any other program is highly important. Altered program source code can also lead to huge problems: Cyber-Criminals can make changes to inject an infection or other unwanted programs, such as key-loggers, shells and similar, just to gain access to your system, your list of archives and your clients' activity, stealing their credit card numbers, account passwords and more.
In summary, ensuring archive integrity guarantees system reliability and such control over archive integrity allows you to identify potential intrusion into your system.
It is important to make sure that the information and the information system are accessible to the authorized client or viewer at all times. Some cyber-infiltration techniques, such as Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS), are implemented by Cyber-Criminals to make your information system and its information inaccessible to clients and viewers. It is quite a prominent topic and problem. However, there are a dozen various measures, such as a Web-Application Firewall, Content Delivery Networks (CDN) and others, that can protect your WordPress Website or WooCommerce store from such types of infiltrations.
Availability also means that your information system and information must be accessible with an acceptable client experience. If the protective measures you apply ruin the client experience and the access to the list of archives by asking clients to pass a lot of protective levels, clients will consider the system almost unavailable and inaccessible.
CIA-Trinity is an excellent example of how you can evaluate and harden the protection of your WordPress Web-sites and WooCommerce stores. These three parts of the Trinity depend on each other and provide a solid foundation for the protection of your information and information system. Each measure can reduce the likelihood of successful infiltration. Just remember that excessive involvement of protective measures may make your information or information system unavailable to your client.