Cybersecurity Vulnerability

An old adage goes: "The only computer that is not in danger is a computer that is turned off." Cybersecurity professionals must identify and explain the main vulnerabilities against a company's critical infrastructure.

A cybersecurity vulnerability is any weakness that may compromise the CIA triad (confidentiality, integrity, and availability) of a product. A cybersecurity vulnerability can never be completely eliminated; therefore, countermeasures must be in place to mitigate the potential disaster to a business's ability to operate after a potential attack.

The confidentiality, integrity, and availability (CIA) triad is at the core of information system security. Information system security professionals use the CIA triad as a mechanism for quantifying the key security considerations of an information system. When a system is under development, each of the CIA concepts must be considered as part of the system's design objectives. Below is a model of the CIA triad. 

Circular pie diagram showing the components of confidentiality, integrity, and availability in equal portions.
Confidentiality, Integrity, Availability (CIA)

Source: Janet Zimmer

Confidentiality refers to the methods used to protect information from unauthorized disclosure. Protecting the confidentiality of proprietary or sensitive information is of vital importance.

Integrity refers to the processes that ensure accuracy of information.

Availability addresses the need of a system to provide continued, reliable access to information while maintaining an acceptable level of performance. Consider organizations with technology and services that must be nearly 100 percent available 24 hours a day, 365 days a year, such as financial institutions, emergency service providers, power providers, and communication providers. Every moment that these organizations cannot exchange information, there is the potential for serious financial loss, injury, or even death.

Check Your Knowledge

Question 1
Which of the following is a true statement?
A vulnerability is a covert action with potential harm.
A vulnerability is a weakness that allows a threat to be realized.
A vulnerability is a desirable outcome of a business continuity plan.
A vulnerability gives priority to the functions of the organization.
Question 2
Which of the following is a true statement?
A threat could be necessary for a vulnerability to occur.
A vulnerability could be mitigated by an end-user license agreement (EULA).
A threat by itself does not always cause damage; there must be a vulnerability for a threat to be realized.
Question 3
True or false? Using security policies, standards, procedures, and guidelines helps organizations decrease risk, threats, and vulnerabilities.
Question 4
What are the four elements of a vulnerability management process?
inventory, focus, assess, and respond
inventory, assess, scanning, and respond
assess, scanning, war dialing, and scanning
credential monitoring, assess, scanning, respond
Question 5
In the CIA triad, what does the I stand for?

Licenses and Attributions

Confidentiality, Integrity, Availability (CIA) by Janet Zimmer is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license