CIA Triad - Network Security - Part 2



Security revolves around three big words. We call them the CIA triad. Everyone talks about the CIA triad, and so do I.
At a high level, security is all about these three terms, called the security principles.

 

Integrity - Confidentiality - Availability
I will try to complete this topic as fast as I can; you can find many articles that talk about this.


Balakishore

Confidentiality:
Information is not disclosed to unauthorized persons or entities.

One means of achieving confidentiality:
Data encryption is one means of achieving confidentiality, for example encrypting passwords.

Ways to violate confidentiality:
Malware, intruders, social engineering.

Integrity:
It can be data integrity or system integrity. It is the property that a system or its data is not modified by unauthorized users. It relates to the trustworthiness of origin, completeness, and correctness of information.

It includes:
Authenticity: The ability to verify that an unauthorized user didn't modify the content.
Non-repudiation & Accountability: Any action on the system can be verified and associated with a user.

One means of achieving Integrity:
Hashing is one mechanism: hash the data you receive and compare the result with the hash of the original message.
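
The hash comparison described above, as an added example that is not part of the original post. It assumes SHA-256 as the hash and uses constructed sample messages and a constructed key; the keyed (HMAC) check goes one step beyond the text, because a plain digest only helps when the digest itself reaches the receiver over a channel the modifier cannot touch.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the data."""
    return hashlib.sha256(data).hexdigest()

def verify_digest(received: bytes, expected_hex: str) -> bool:
    """True when the received bytes hash to the digest of the original."""
    return hmac.compare_digest(sha256_hex(received), expected_hex)

def mac_hex(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_mac(key: bytes, received: bytes, tag_hex: str) -> bool:
    """Constant-time comparison of the recomputed tag with the supplied one."""
    return hmac.compare_digest(mac_hex(key, received), tag_hex)

# Constructed sample data (not from the original post).
ORIGINAL = b"transfer 100 to account 42"
MODIFIED = b"transfer 900 to account 42"
KEY = b"constructed-demo-key"  # assumption: shared by sender and receiver only

def demo() -> dict:
    trusted_digest = sha256_hex(ORIGINAL)   # obtained over a trusted channel
    swapped_digest = sha256_hex(MODIFIED)   # digest replaced along with the data
    tag = mac_hex(KEY, ORIGINAL)            # sender's keyed tag
    return {
        # Unmodified message matches the trusted digest.
        "intact_plain": verify_digest(ORIGINAL, trusted_digest),
        # Modified message fails against the trusted digest.
        "modified_plain": verify_digest(MODIFIED, trusted_digest),
        # If data and digest travel together, both can be replaced and
        # the plain check passes: the digest proves nothing by itself.
        "modified_with_swapped_digest": verify_digest(MODIFIED, swapped_digest),
        # A keyed tag still catches the change, since the key is needed
        # to produce a matching tag for the modified message.
        "intact_mac": verify_mac(KEY, ORIGINAL, tag),
        "modified_mac": verify_mac(KEY, MODIFIED, tag),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```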

Ways to violate Integrity:
Stealing passwords, replay attacks.

Availability:
It is the property that the system is available to authorized users.

One means of achieving Availability:
Fault-tolerant systems, redundant copies and backups.


Gaddam Balakishore


CIA | Risk | Control Mechanisms
Integrity | Loss of privacy. Identity theft. Unauthorized access to information. | Encryption, authentication, access control
Confidentiality | Information is no longer reliable. Identity theft. Unauthorized access to information. | 4-eyes, audit logs
Availability | Business disruption. Identity theft. Unauthorized access to information. | Backups

