CIA Triad: The Concept of Availability

The third principle of the CIA Triad is Availability. Availability is the concept of allowing authorized users timely and uninterrupted access to objects.

Protection Examples:

Numerous countermeasures exists that can ensure availability. Some examples include designing intermediary delivery systems properly, using access controls, monitoring performance and network traffic, using firewalls and routers, implementing redundancy such as load balancers, and maintaining backups.

Importance:

For availability to be maintained, strict controls must be in place to ensure authorized access and an acceptable level of performance to quickly handle interruptions, to provide for redundancy, to maintain reliable backups, and to prevent data loss or destruction.

Attack Vectors:

The loss of availability can come from many different areas from employees inside the organization to outside threats. Some examples include device failure, software errors, environmental issues, and Denial of Service attacks to name a few.

Final Thoughts:

Availability depends on both integrity and confidentiality. Without integrity and confidentiality, availability cannot be maintained. Every organization is different, thus it is important for the management team and security team to work together to prioritize the spending plan on the business needs for the organization.