The CIA triad
CIA stands for confidentiality, integrity, and availability. It guides the policies and practices of information security in an organization. Ideally, the Defense in Depth approach covers all three aspects of the CIA triad. Let's go ahead and understand each of them.
Confidentiality
As the name suggests, this function deals with keeping information confidential.
Thus, it is directly related to the principle of least privilege. This principle states that access to information should be granted only on a need-to-know basis, backed by a valid business requirement, and should therefore not be open to everyone.
For example, if a developer wants to see the application logs on the server, there is no need to give him full sudo permission. Access to basic commands such as less, more, and tail should be more than enough to achieve the required use case.
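One way to put this least-privilege grant into practice, as an added example rather than code from the book: instead of sudo for arbitrary commands, the developer is granted a single root-owned wrapper that can only page through or follow files inside one log directory. The user name "developer", the directory /var/log/app and the wrapper path /usr/local/sbin/readlog are assumptions.

```shell
#!/bin/sh
# Added example (not from the book). Install as /usr/local/sbin/readlog,
# owned by root with mode 0755, so the developer can run but not edit it.
# The log directory must likewise not be writable by the developer.
LOGDIR="${LOGDIR:-/var/log/app}"   # assumed location of the application logs

# Accept only a bare file name: no slashes, no "." or "..", no leading "-",
# so the caller cannot point the wrapper at /etc/shadow or pass it an option.
valid_log_name() {
    case "$1" in
        ''|*/*|..|.|-*) return 1 ;;
    esac
    return 0
}

# Read-only access to one log file. LESSSECURE=1 runs less in secure mode,
# which disables its "!" shell escape and "s" save command; otherwise a pager
# running as root is a root shell in disguise. "follow" is tail -f only.
readlog() {
    mode="$1"; name="$2"
    valid_log_name "$name" || { echo "readlog: invalid log file name" >&2; return 2; }
    file="$LOGDIR/$name"
    [ -f "$file" ] || { echo "readlog: no such log file" >&2; return 2; }
    case "$mode" in
        view)   LESSSECURE=1 less "$file" ;;
        follow) tail -f "$file" ;;
        *)      echo "usage: readlog view|follow <logfile>" >&2; return 2 ;;
    esac
}

# The matching sudoers line (put it in /etc/sudoers.d/ via visudo). It grants
# exactly one command and no wildcard arguments: the wrapper validates them.
sudoers_rule() {
    printf '%s ALL=(root) /usr/local/sbin/readlog\n' "$1"
}

# Dispatch only when invoked with arguments (e.g. sudo readlog view app.log).
if [ "$#" -gt 0 ]; then
    readlog "$@"
fi
```

Run as `sudo readlog view app.log` or `sudo readlog follow app.log`; anything outside LOGDIR, or any command other than less and tail, is simply not reachable.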
The prime aspect of confidentiality is the classification of data. If data is classified into three aspects, such as public,...