DAD

The opposite of the CIA Triad would be the DAD Triad: Disclosure, Alteration, and Destruction:

• Disclosure is the opposite of confidentiality. In other words, disclosure of confidential data would be an attack on confidentiality.

• Alteration is the opposite of Integrity. For example, the integrity of a cheque is indispensable.

• Destruction/Denial is the opposite of Availability.

For example, in the case of patient records and related systems:

• Disclosure: As in most modern countries, healthcare providers must maintain medical records’ confidentiality. As a result, if an attacker succeeds in stealing some of these medical records and dumping them online to be viewed publicly, the health care provider will incur a loss due to this data disclosure attack.

• Alteration: Consider the gravity of the situation if the attacker manages to modify patient medical records. This alteration attack might lead to the wrong treatment being administered, and consequently, this alteration attack could be life-threatening.

• Destruction/Denial: Consider the case where a medical facility has gone completely paperless. If an attacker manages to make the database systems unavailable, the facility will not be able to function properly. They can go back to paper temporarily; however, the patient records won’t be available. This denial attack would stall the whole facility.

Protecting against disclosure, alteration, and destruction/denial is of utter significance. This protection is equivalent to working to maintain confidentiality, integrity and availability.