There are three key components of information security that you should monitor when analyzing your vendor’s information security strength. These components are known as the CIA Triad and are the foundation for a strong vendor cybersecurity posture. Listen to this podcast to understand the CIA Triad.
Hi – my name is Abbe with Venminder.
In this podcast, you’re going to learn about the three components of the CIA Triad and why confidentiality, integrity and availability are the foundation for any strong cybersecurity posture.
At Venminder, we have a team of industry experts who assess risk and maximize safety protocols for clients every day.
When analyzing your vendor’s information security strength, it’s a good idea for you to monitor these three key components of information security:
First, confidentiality: This is very much like privacy in the sense that protecting confidentiality is dependent on being able to identify and implement access control levels for information. This should involve breaking data into different groups, organized by who needs access to the information and how confidential that information is to an individual or organization. Normally, confidentiality management includes access control lists, volume, file encryption and file permissions.
Second, integrity: Data integrity is an essential component of the CIA Triad and is intended to protect data from being added, deleted or modified by any unauthorized party. It also ensures that if an authorized person makes an accidental change, the damage can be reversed.
Third, availability: The final component of the CIA Triad is the physical availability of your data. Availability is a blend of both security and access, requiring both authentication mechanisms as well as access to channels and systems, all of which must function as designed, in order to properly secure the information and make sure it's available when needed.
There you have it. The CIA Triad. To fully understand your vendor’s position on confidentiality, integrity and availability, it’s important for you to perform appropriate vendor due diligence.
Thanks for tuning in; catch you next time!