20. CIA in the Real World
Confidentiality
Confidentiality means that only authorized individuals can access private information. This principle focuses on preventing sensitive data from reaching the wrong hands.
Example:
- In a banking or healthcare environment, security teams implement encryption and strict access controls to ensure that Personally Identifiable Information (PII), such as Social Security numbers or medical histories, is only viewable by the specific patient and their assigned physician.
Integrity
Integrity ensures that information is not corrupted, degraded, or modified without the owner's explicit permission. It guarantees that the data remains accurate, complete, and consistent over its entire lifecycle.
Example:
- If an unauthorized person gains access to a hospital database and alters a patient's blood type or allergy information, the results could be fatal. Maintaining integrity ensures that the "vital information" relied upon by professionals remains exactly as it was originally recorded.
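An added example (not part of the original notes) of one way to detect this kind of unauthorized change: an HMAC-SHA256 tag is computed when the record is written and checked again on every read. The key, the record fields and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real key lives in a KMS/HSM, not in source.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so key order or spacing cannot change the tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = DEMO_KEY) -> str:
    """Return the HMAC-SHA256 tag computed when the record is originally written."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = DEMO_KEY) -> bool:
    """True only if the record still matches the tag stored at write time."""
    if not tag:
        # A missing tag is treated as a failure, never as "nothing to check".
        return False
    expected = seal(record, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, tag)


# Constructed sample record (not real patient data).
RECORD = {"patient_id": "P-0001", "blood_type": "O-", "allergies": ["penicillin"]}
TAG = seal(RECORD)

if __name__ == "__main__":
    tampered = dict(RECORD, blood_type="AB+")  # the alteration described above
    print("original verifies:", verify(RECORD, TAG))
    print("tampered verifies:", verify(tampered, TAG))
```

The tag protects integrity only if the key is stored apart from the database, since anyone holding the key can recompute a valid tag for an altered record.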
Availability
Availability ensures that authorized users have reliable and timely access to information and services when needed. Security isn't just about locking data away; it's about making sure it's reachable for legitimate business functions.
Example:
- During a ransomware attack, hackers lock up a company's systems, making data inaccessible to employees and customers. This disruption brings business to a halt until the system is restored, demonstrating why constant uptime and backups are essential for availability.