The three-pillar approach to cyber security: Data and information protection (2024)


Data and information protection is the third and most important pillar of a sound cyber security strategy. The ‘CIA triad’ is crucial when deciding how to protect our data.

The third pillar is data and information protection

This is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are ‘people’ and ‘process’. The last pillar is ‘data and information’.

Data and information protection is the most technical and tangible of the three pillars. The data we gather comes from multiple sources, such as information technology (IT), operational technology (OT), personal data and operational data. It must be properly managed and protected every step of the way.

What is the CIA triad?

When we discuss data and information, we must consider the CIA triad. The CIA triad is an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

The three components of the CIA triad are discussed below:

  1. Confidentiality: This component is often associated with secrecy and the use of encryption. Confidentiality in this context means that the data is only available to authorized parties. When information has been kept confidential, it has not been compromised by other parties; confidential data is not disclosed to people who do not require it or who should not have access to it. Ensuring confidentiality means that information is organized in terms of who needs to have access, as well as the sensitivity of the data. A breach of confidentiality may take place through different means, for instance hacking or social engineering.
  2. Integrity: Data integrity refers to the certainty that the data is not tampered with or degraded during or after submission. It is the certainty that the data has not been subject to unauthorized modification, either intentional or unintentional. There are two points at which integrity could be compromised: during the upload or transmission of data, or during the storage of the document in the database or collection.
  3. Availability: This means that the information is available to authorized users when it is needed. For a system to demonstrate availability, it must have properly functioning computing systems, security controls and communication channels. Systems defined as critical (power generation, medical equipment, safety systems) often have extreme requirements related to availability. These systems must be resilient against cyber threats, and have safeguards against power outages, hardware failures and other events that might affect system availability.

Stability, availability and security

Availability is a major challenge in collaborative environments, as such environments must be stable and continually maintained. Such systems must also allow users to access required information with little waiting time. Redundant systems may be in place to offer a high level of fail-over. The concept of availability can also refer to the usability of a system.

Information security refers to the preservation of integrity and secrecy when information is stored or transmitted. Information security breaches occur when information is accessed by unauthorized individuals or parties. Breaches may be the result of the actions of hackers, intelligence agencies, criminals, competitors, employees or others. In addition, individuals who value and wish to preserve their privacy are interested in information security.

The CIA triad describes three crucial components of data and information protection, which can be used as guides for establishing the security policies in an organization. Establishing and maintaining the organization’s security policies can be a daunting task, but using the three-pillared strategic approach to cyber security can help you identify and manage cyber security risks in a methodical and comprehensive manner.

1/23/2020 12:58:05 PM


FAQs

The three-pillar approach to cyber security: Data and information protection?

These pillars are: technology, processes, and people. By focusing on these three key areas, organizations can establish a robust cybersecurity framework that mitigates risks and ensures compliance with relevant regulations and standards.

What is the three-pillar approach to cyber security data and information protection?

Cyber security can be broken down into three main pillars: people, processes, and technology. If you understand these important components, you can use them as a road map to deliver quality IT service and cybersecurity protection. There are two ways you can think about these pillars.

What are said to be the 3 pillars of information security?

Three Pillars of Infosec: Confidentiality, Integrity and Availability.

What are the three pillars of data protection?

Confidentiality — You need to know your data is protected from unauthorized access. Integrity — You have to be able to trust your data. Availability — You need to be able to access your data.

What are the three principles of cyber security?

What are the 3 Principles of Information Security? The basic tenets of information security are confidentiality, integrity and availability. Every element of the information security program must be designed to implement one or more of these principles. Together they are called the CIA Triad.

What are the three information security and cybersecurity program controls?

There are three main types of IT security controls including technical, administrative, and physical. The primary goal for implementing a security control can be preventative, detective, corrective, compensatory, or act as a deterrent.

What are the three approaches to cybersecurity?

This is the third and final article in a series addressing the three-pillar approach to cyber security. The first two pillars are 'people' and 'process'. The last pillar is 'data and information'. Data and information protection is the most technical and tangible of the three pillars.

What are the 3 pillars of application security?

In order to protect your organization's applications from attack, it is essential to have a strong foundation in the three pillars of application security: process, technology, and people. Each pillar plays an equally important role in ensuring the security of your applications.

What are the three pillars of data?

For businesses to become data driven, the barriers rooted in people, processes and technology need to be addressed. To achieve this, organisations should aim to meet three pillars of data maturity: data acquisition, data assurance and data value.

What are the three pillars of a cybersecurity team?

The three main pillars of information security are people, processes, and technology. Each is just as important as the next; however, people are the most vulnerable pillar of any ISMS. Processes are the second most susceptible pillar. Technology is the firmest pillar, as IT professionals pay the most attention to it.

What are the 3 main acts of data protection?

Lawfulness, fairness, and transparency: Any processing of personal data should be lawful and fair. It should be transparent to individuals that personal data concerning them are collected, used, consulted, or otherwise processed and to what extent the personal data are or will be processed.

What are the 3 pillars of data governance?

At its core, data governance rests on several key pillars, each playing a crucial role in the successful management of data within an organization. These pillars include data stewardship, data quality, data security, data privacy, and data management.

What are the three types of data protection?

Some of the most common types of data security, which organizations should look to combine to ensure they have the best possible strategy, include: encryption, data erasure, data masking, and data resiliency.

What are the three pillars of information security?

Confidentiality, integrity and availability are usually accepted as the three vital pillars of information security. Without adequate safety in place to avert illegal events, an organization's most essential asset, especially its information, is at risk.

What are the pillars of cyber security?

High-performing cybersecurity teams rely on five key pillars to maintain overall security and prevent potential issues:
  • Confidentiality.
  • Integrity.
  • Availability.
  • Authenticity.
  • Responsibility.

What are the 3 P's of cyber security?

As organizations strive to fortify their defenses, they often look to the three pillars of cybersecurity: people, processes, and products. However, one crucial aspect that ties these pillars together is often underestimated – the need for comprehensive training for cybersecurity teams.

What are the pillars of a cyber security program?

High-performing cybersecurity teams rely on five key pillars to maintain overall security and prevent potential issues:
  • Confidentiality.
  • Integrity.
  • Availability.
  • Authenticity.
  • Responsibility.

What are the 3 C's of cyber security?

The 3 Cs of Enterprise Security: Communicate, Coordinate and Collaborate. As technology continues to evolve and become more interconnected, the line between cyber and physical security is increasingly blurred.

What are the three elements of protecting information in cybersecurity?

The CIA Triad—Confidentiality, Integrity, and Availability—is a guiding model in information security. A comprehensive information security strategy includes policies and security controls that minimize threats to these three crucial components.

Article information

Author: Dan Stracke
