The CIA triad with regard to information technology refers to the confidentiality, integrity, and availability of information, data, and systems. As applied to information systems, these three concepts are the foundation of information systems and data security. Confidentiality reflects the expectation that private data will only be seen by those it is intended for, and that confidential information is not disclosed to unauthorized personnel (Stallings, 2014). Confidentiality is the mechanism responsible for preventing unauthorized disclosure of private information (De Oliveira et al., 2014). Integrity is the assurance that information has not been changed or altered in any way from origin to destination (Fenrich, 2008). Integrity guarantees data is accurate, reliable, and unaltered. Availability is the assurance that systems are operational, and ensures reliable access to both systems and information (Stallings, 2014). These three concepts provide the building blocks of any information security scheme, and are essential to protect the assets of any …
In general, passive attacks tend to strike at the confidentiality of information and data systems. For example, traffic analysis is an attempt to eavesdrop on private data, thus compromising the information’s confidentiality. In contrast, active attacks are designed to alter data, or deny service to a network or information system, compromising the integrity or availability of that system. Both replay and modification-of-message attacks alter data before forwarding it as legitimate, damaging the integrity of the information. A denial of service attack intends to deny access to information, or to an entire information system, compromising the availability of that system. With the exception of a full-blown denial of service attack, the process of encryption plays a huge role in maintaining the confidentiality and integrity of