Confidentiality, Integrity, Availability (CIA)

The CIA triad is a widely used information security model. It’s an acronym for Confidentiality, Integrity, Availability. The Dutch equivalent is BIV, which stands for: Beschikbaarheid, Integriteit, Vertrouwelijkheid. Confidentiality, Integrity and Availability are valuable non-functional requirements that really make sense when you use them in the context of security. They help you formulate focused questions rather than just wasting money on vague cybersecurity requirements.

Definitions:

  • Confidentiality: Only authorized users and processes should be able to access or modify data. Ask yourself: what are the consequences, and what is the risk, when unauthorized persons have access to the data? Security breach: Some critical and confidential information has been disclosed unexpectedly.
  • Integrity: Data should be correct, complete and up to date. Nobody should be able to improperly modify it, either accidentally or maliciously. Security breach: Information has been altered or corrupted.
  • Availability: Authorized users should be able to access data whenever they need to do so. Ask yourself: what are the consequences when people can’t access data when needed? Security breach: Information access is denied unexpectedly.