Bringing security industry standards together – the CIA triad
So far, we have been exploring frameworks, controls, and benchmarks developed to ensure applications, services, systems, and processes are defended against cyber threats. How can we bring these different approaches together into a coherent whole? One answer is the CIA triad, where the CIA isn’t the U.S. Central Intelligence Agency but an acronym that can be used to guide the development of policies and procedures to protect data. The letters of the triad stand for the following:
- Confidentiality – Only authorized users have access to specific data. Moodle is a roles-based system. Moodle users can have different roles (even multiple roles) in different contexts. But this same logic must also apply to other areas of our system. For example, the web service should only have access to the files and directories it needs for normal operation. This is called the principle of least privilege and will...
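The least-privilege rule above can be checked rather than assumed. The following is an added example, not code from the book or from the Moodle project; it assumes a conventional layout in which the code tree (dirroot) and the data directory (moodledata) are passed as arguments and the web server account reaches both only through group permissions, so anything granted to "others" is wider than normal operation needs.

```shell
#!/bin/sh
# Least-privilege audit for a Moodle deployment (added example; not the book's code).
# Assumed layout (hypothetical): $1 is dirroot (the PHP code tree) and $2 is dataroot
# ("moodledata"). The web server account owns neither tree: it reads the code and
# writes uploads via group permission only, so "others" should have no access.

# report LABEL FIND-ARGS... : print every path matched by find, prefixed with LABEL,
# and add the match count to the global counter $n.
report() {
  label=$1; shift
  hits=$(find "$@")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | sed "s|^|$label: |"
  n=$((n + $(printf '%s\n' "$hits" | wc -l)))
}

# audit_moodle_perms DIRROOT DATAROOT
# Return code is the number of findings (0 = clean; shells truncate codes above 255).
audit_moodle_perms() {
  dirroot=$1; dataroot=$2; n=0
  # 1. The web server only needs to read PHP files: no file in the code tree may be
  #    writable by group or others, or a compromised PHP process could rewrite code.
  report WRITABLE-CODE "$dirroot" -type f \( -perm -020 -o -perm -002 \)
  # 2. config.php holds the database password: it must never be readable by others.
  [ -f "$dirroot/config.php" ] && report READABLE-CONFIG "$dirroot/config.php" -perm -004
  # 3. Uploaded course files in dataroot must not be readable or writable by others
  #    (any local account, or the whole internet if dataroot sits under the web root).
  report EXPOSED-DATA "$dataroot" \( -perm -004 -o -perm -002 \)
  return $n
}

# Usage (placeholder paths): audit_moodle_perms /var/www/moodle /var/www/moodledata
```

Run it from cron or a deployment hook and treat a non-zero exit as a failed check; the printed lines name the exact paths whose mode exceeds what the web server needs.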