What does the CIA Triad stand for? How to enable CIA cyber security requirements for the organization?
What is the goal of an organization's information security construction? In short, the answer is Confidentiality, Integrity and Availability (the CIA triad). All security controls, mechanisms, and safeguards are implemented to provide one or more of these protection types, and all risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the CIA principles.
A cornerstone of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature.
Access is one of the most exploited aspects of security because it is the gateway that leads to critical assets. Access controls need to be applied in a layered defense-in-depth method, and an understanding of how these controls are exploited is extremely important. Access controls give the organization the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality. For a user to be able to access a resource, he first must prove he is who he claims to be, has the necessary credentials, and has been given the necessary rights or privileges to perform the actions he is requesting. Once these steps are completed successfully, the user can access and use the network resources; however, it is necessary to track the user's activities and enforce accountability for his actions.
- Identification describes a method by which a subject (user, program, or process) claims to have a specific identity (user, account number, or e-mail address).
- Authentication is the process by which a system verifies the identity of the subject, usually by requiring a piece of information that only the claimed identity should have.
- Authorization: The system determines whether the subject may access the resource. It authorizes the subject only when the subject was properly authenticated and has the rights and privileges to carry out the requested actions.
- Accountability: The subject needs to be held accountable for the actions taken within a system or domain. The only way to ensure accountability is if the subject is uniquely identified and the subject's actions are recorded. (Refer to the CISSP identity and access management chapter.)
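The four steps above can be seen working together in a short sketch. This is an added example, not code from Sangfor or from the CISSP material; the class name, the sample user, the resource name and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccessController:  # hypothetical name, for illustration only
    def __init__(self):
        self._users = {}      # identity -> (salt, derived key)
        self._grants = set()  # (identity, resource, action) tuples
        self.audit_log = []   # accountability: every decision is recorded

    def enroll(self, identity, password, grants=()):
        salt = os.urandom(16)
        self._users[identity] = (salt, _derive(password, salt))
        self._grants.update((identity, r, a) for r, a in grants)

    def request(self, identity, password, resource, action):
        decision = self._decide(identity, password, resource, action)
        # Accountability: log allowed AND denied attempts against the claimed identity.
        self.audit_log.append((identity, resource, action, decision))
        return decision == "allow"

    def _decide(self, identity, password, resource, action):
        # Identification: the subject claims an identity; unknown claims fail.
        record = self._users.get(identity)
        if record is None:
            return "deny:unknown-identity"
        # Authentication: verify the secret only the claimed identity should hold,
        # using a constant-time comparison of the derived keys.
        salt, stored = record
        if not hmac.compare_digest(stored, _derive(password, salt)):
            return "deny:bad-credentials"
        # Authorization: deny by default; allow only explicitly granted rights.
        if (identity, resource, action) not in self._grants:
            return "deny:not-authorized"
        return "allow"

# Constructed sample data: one user with read-only access to one resource.
ac = AccessController()
ac.enroll("alice", "correct horse", grants=[("payroll.db", "read")])
```

The caller only ever sees allow or deny; the specific reason is kept in the audit log, so the response does not reveal which step failed.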
Sangfor IAM (Internet Access Management) provides end-to-end user life cycle management from the identification, authentication, authorization and accountability perspectives. First, with its visibility, IAM can identify which applications are running in the traffic, which is the first step for identity. Second, Sangfor IAM supports multiple authentication methods (LDAP, Gmail, Facebook, SMS, etc.) to determine whether the user is legitimate. Third, because of the accurate identity, IAM can apply granular control to users, endpoints, applications and traffic. Most importantly, IAM audits and analyzes user behavior and traffic information, turning the data it collects into valuable information that helps decision-makers make scientific decisions. Visit this page to learn more about the Sangfor IAM solution.
What is Sangfor IAM's market position?
Sangfor IAM's market share in China has been top 1 for 12 years, and it is the only provider for the world's largest bank, ICBC. Alibaba Group, MIZUHO Bank, MUFG, Hana Bank, BNI (the second-largest bank in Indonesia), May Bank Myanmar, Sweety Home and others are using the Sangfor IAM solution.