Recreating Cybercloud Safeguarding Today



17.11.22

CIA-AN (CIAAN) Cyber Security Risk Model - what is it?

BACKGROUND

What does Cyber Risk stand for?

It means any possibility or threat that may materialize and inflict financial loss, loss of sensitive data, disruption, or damage to the reputation of an organization, arising from some sort of failure of its information technology systems and the services they supply.

For many years, risk has been defined under the methodology of the 'CIA triad'. CIA stands for Confidentiality, Integrity, and Availability; this model has been the pillar of the IT security doctrine for many years and was updated recently, just before the COVID pandemic. In the new update, two new risk entities, A&N, have been added to create the full CIAAN model: their initials stand for (A) Authentication and (N) Non-Repudiation.

EXPLICATION

It is a new benchmark methodology that has developed into an actual doctrine. It goes hand in hand with the old method, but with a unique twist: a new wave of cyber professionals now follows the CIAAN, known as the 'pentagon of risk'. That is, Authenticity and Non-repudiation were added to the existing triangle of Confidentiality, Integrity, and Availability, which means that risk is viewed from newer and wider perspectives than before. It gives the ability to refer to an attack that has happened or may be carried out, to distinguish between on-prem and cloud vulnerabilities, data breaches, etc.

That is why professionals are now adopting the discussion of building up CIAAN vectors of system vulnerability, creating a new method of risk mapping.

Of course, analyzing according to this method makes it possible to produce risk reduction mechanisms, to make a governance decision on one or more compensatory controls, and/or to determine the residual risk of an asset or a vulnerability finding.

CIA triad

The complete model of the CIA-AN (Pentagon Risk Model) in detail
1. Confidentiality:
- This means the sender and receiver must have privacy from all other users.
- This is mostly achieved by encrypting the message with a secret key that is known only to the sender and receiver.

2. Integrity:
- This means that data must arrive at the receiver exactly as the sender sent it, without any modification. No changes, whether accidental or malicious, should occur during transmission.

3. Availability:
- This means ensuring that data and systems are fully functional and available whenever needed by any user.
- This is mostly achieved by a good IT architecture designed to respond to hardware failures, downtime, and power outages as fast as needed, and may include the use of several networks to route around network outages.

CIAAN PENTAGON OF RISK

4. Authentication:
- It is the process of recognizing a user's identity as a single value, which provides the level of access to the data.
- Authentication goes together (in parallel) with Integrity; it completes the Integrity processes.

5. Non-repudiation:
- This term means that a sender should not be able to deny sending a message that he or she did, in fact, send. It is the result that needs to be achieved by doing good authentication.
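As an added illustration, not part of the original post, of why the model lists Authentication and Non-repudiation separately: the Go example below (standard library only) contrasts a shared-key HMAC, which gives integrity and authentication but lets the receiver mint a valid tag himself so the sender can still deny it, with an Ed25519 signature that only the sender's private key can produce. Alice, Bob, the shared secret and the messages are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HMACTag authenticates msg with a key shared by sender and receiver (symmetric).
func HMACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// HMACVerify checks integrity and key-holder authentication in constant time.
func HMACVerify(key, msg, tag []byte) bool { return hmac.Equal(HMACTag(key, msg), tag) }
// Report records what each mechanism can and cannot guarantee.
type Report struct {
	HMACValid, HMACDetectsTamper, ReceiverCanForgeHMAC bool
	SigValid, SigDetectsTamper, ReceiverCanForgeSig    bool
}

// RunDemo contrasts a shared-key MAC with an Ed25519 signature on a constructed message.
func RunDemo() (Report, error) {
	var r Report
	shared := []byte("constructed-shared-secret") // known to both Alice and Bob
	msg := []byte("transfer 100 to account 42")
	tampered := []byte("transfer 900 to account 42")
	// Integrity + authentication: Bob can tell the tag was made by a key holder.
	tag := HMACTag(shared, msg)
	r.HMACValid = HMACVerify(shared, msg, tag)
	r.HMACDetectsTamper = !HMACVerify(shared, tampered, tag)
	// No non-repudiation: Bob holds the same key, so he can mint a tag Alice never made.
	r.ReceiverCanForgeHMAC = HMACVerify(shared, tampered, HMACTag(shared, tampered))
	// Non-repudiation: only Alice's private key signs; anyone with her public key verifies.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return r, err }
	sig := ed25519.Sign(priv, msg)
	r.SigValid = ed25519.Verify(pub, msg, sig)
	r.SigDetectsTamper = !ed25519.Verify(pub, tampered, sig)
	// Bob has only Alice's public key; a signature made with any other key fails as hers.
	_, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	r.ReceiverCanForgeSig = ed25519.Verify(pub, tampered, ed25519.Sign(bobPriv, tampered))
	return r, nil
}

func main() { fmt.Println(RunDemo()) }
```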

The last two, Authentication and Non-repudiation, emphasize the business's ability to define risks with a better approach, and also affect the ability of an organization to create a business continuity plan. It is a new GRC approach that created the CIAAN model, a new approach for IT systems security and cyber security.