Security Design Patterns: CIA Triad

CIA Triad

When reviewing systems, I use this model as context for checking that applications and services have sufficient processing in place to manage and maintain data security.

Confidentiality – What level of secrecy is expected for this product or service? How do we protect it? How do we allow access to the data?

Integrity – How do we protect the data? How do we prevent unwanted modifications? How do we maintain consistency? How do we know what changed and who changed it?

Availability – Ensure uninterrupted access to the data.