Forsyte IT Solutions

CIA Triad + Accessing Company Data

The CIA Triad: Establishing a Common Baseline for User Access to Company Data (Written by Wes Blackwell, Forsyte I.T. Solutions)

One issue that many organizations, government or private, eventually need to face is what to do with their data and systems. How does an organization begin to evaluate its practices and the needs of its clients? One trusted method of establishing a common baseline for user access to company data is the CIA Triad. This method of evaluation is built on the concepts of confidentiality, integrity, and availability. Let’s take a closer look at each.

Confidentiality is protecting the company data that means the most to your organization. Nobody wants their data to be exposed to the public, especially if it is sensitive. Data breaches are unfortunately more common than they should be in today’s atmosphere.

Some simple ways to increase the confidentiality of data are:

  1. Properly training employees on the handling of company data.
  2. Strengthening the physical security of any company facilities.
  3. Implementing company policies for data protection, for example with Azure Information Protection.

The next practice of the CIA Triad is Integrity. This practice is the act of keeping all company data secure from outside tampering and logging all changes. Audits and access logs are critical if an organization keeps sensitive information, especially if that data is highly valued or holds customer information whose release could violate laws (such as medical information). If users access any information that is critical or sensitive to your business, logs should be kept and stored in a secure location for future review. If any transportation of, or physical access to, systems is to happen, audits should be conducted by data custodians and reviewed by the security team. The integrity of data, meaning the assurance that nothing has been tampered with, always needs to be kept.

The last bit of the CIA Triad is Availability. It is making sure that company data is available when it is most needed, with redundancy and consistent fail-overs in place in case of catastrophic failure. Sysadmins should also make sure that all hardware is maintained, and that all upgrades are inspected, approved, and applied. If important information is necessary for company success and for developing trust with its clients, then it is crucial that this information is available whenever it is needed.

One thing I would personally recommend is looking at moving to the cloud for easy application of all the above-mentioned practices. Systems like Azure allow for establishing clear and consistent company policies quickly and accurately across a trusted platform with one of the largest companies in the world. Azure can set up role-based access control (RBAC) and group membership so that only authorized personnel can access sensitive information. Azure Information Protection can establish clear company policies for classifying company data and encrypting the most sensitive information. Redundancy can be set up in minutes for any server, and custom schedules are easy to build. And the best part is that audit logs are automatically kept and can be easily exported for physical log keeping.

Analyzing and assessing an environment is a crucial part of an organization’s evolution throughout the course of its lifetime. Evaluating the needs of the organization and how to better handle its data between its workers and customers will remain a constant process for any company.

The CIA Triad is an easy and proven model of analysis. It is really a floor plan for creating a better security posture overall. Any potential threats or concerns for an organization can be weighed against this model to appropriately determine a risk assessment and contingency plans to mitigate any potential loss to critical functionality.

Contact Forsyte I.T. Solutions to discuss your user access settings and IT operations: info@fit-prod-web01.azurewebsites.net.
