The CIA Triad – Confidentiality, Integrity and Availability (pt. 1) 

As part of this week's summer cyber security webinar about encryption, I touched on the idea of how it can support the confidentiality, integrity and availability (CIA) of your information. In this article, we are going to expand on the CIA theme so you can see how encryption can help.

CIA is a common model in cyber security and can be used to create secure systems, check for vulnerabilities and develop plans for improving organisational cyber security, amongst other things. It is a useful concept for anyone working in cyber security – and it was one of the first things we covered at university.


CIA – Confidentiality 

This is the most obvious part of the triad – good cyber security needs good confidentiality. Your information needs to be kept private and access to it restricted to only those users or stakeholders that need it. Do not let the CEO have access to everything just because she is in charge! I have two articles linked below looking at how the principle of least privilege can help you with this. 

One thing to remember with confidentiality is that not all incidents of privacy compromise are the result of a hack; often it will be human error inside your organisation.

Data classification, controlled access to systems such as SharePoint, and role-based access control are ways you can build confidentiality into your systems. 

CIA – Integrity 

Bruce Schneier has published an interesting article this week about information integrity, looking at how AI could have an impact on what we think is true. It is worth a read (Schneier 2025).

Having faith in the integrity of the information you have kept secret is fundamental to operating your business successfully. Access control helps with preserving the integrity of your information, as do reporting and monitoring systems that alert you to possible inappropriate access. Monitoring systems such as our Security Operations Centre will sift through logs and inputs from other sensors continuously 24/7, looking for access anomalies and then taking the required action to preserve your information. 

However, the insider threat – a trusted user who abuses that trust – can negate many of these monitoring systems. Our Security Operations Centre uses machine learning to try to spot even these changes in user behaviour. In this case, encryption is a good tool to protect the most sensitive information – if the insider does not have that password, the stolen information cannot be accessed.

Octagon Technology’s Security Operations Centre is Online 

Digital signatures on emails and documents are another way to ensure the integrity of your information. In the webinar, we discussed how the simple application of encryption and a verified mobile could maintain the integrity and confidentiality of documents you send. 

To be continued… 

The second part of this article is available on Cyber Awake. 

The CIA Triad – Confidentiality, Integrity and Availability (pt. 2) – CyberAwake

The Summer Webinars 


It is not too late to register – whenever you register you will be given access to the recordings of previous seminars you have missed. Topics still to come: 

Invest just thirty minutes of your time in improving the cyber security of your organisation – the sign-up link is here.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Schneier, Bruce. 2025. “The Age of Integrity – Schneier on Security.” Schneier on Security. Retrieved June 30, 2025. https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html

Further Reading

Hack Me If You Can! What’s your excuse? | Smart Thinking Solutions 

What the “Principle of Least Privilege” does for you? (pt. 1) 

What the “Principle of Least Privilege” does for you? (pt. 2) 

The Insider Threat Primer
