Wednesday, July 1, 2020

CIA triangle: Confidentiality, Integrity and Availability

Confidentiality, Integrity and Availability


Confidentiality: 

Confidentiality is the protection of information from unauthorized access. It ensures that sensitive information is accessed only by authorized persons and is kept away from those not authorized to possess it.

Examples of confidential information

  • Bank account statements
  • Personal information
  • Credit card numbers
  • Government documents

Examples of attacks that affect confidentiality

  • Packet sniffing
  • Password cracking
  • Dumpster diving
  • Wiretapping
  • Key-logging
  • Phishing

Ways to ensure confidentiality

  • Usernames and passwords
  • Two-factor authentication
  • Biometric verification
  • Security tokens
  • Data encryption

Integrity: 

Integrity means maintaining the accuracy and completeness of data. It is about protecting data from being modified or misused by an unauthorized party. Data must not be changed in transit, and precautionary steps must be taken to ensure that data cannot be altered by an unauthorized user.

In the context of the information security (InfoSec) world, integrity means that when a sender sends data, the receiver must receive exactly the same data as sent by the sender.

Example attacks that affect Integrity

  • Salami attack
  • Data diddling attacks
  • Session hijacking
  • Man-in-the-middle (MITM) attack

Ways to ensure Integrity 

  • Encryption
  • User Access Control
  • Backups
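
The sender/receiver requirement described above can be checked by attaching a keyed tag to each message and verifying it on receipt. This is an added example, not code from the original post; the choice of HMAC-SHA256, the shared key, the function names and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to each message


def seal(key: bytes, message: bytes) -> bytes:
    """Sender: append an HMAC-SHA256 tag computed with the shared key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_sealed(key: bytes, frame: bytes) -> bytes:
    """Receiver: return the message only if its tag verifies."""
    if len(frame) < TAG_LEN:
        raise ValueError("frame too short to carry a tag")
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest is constant-time, so the comparison leaks no timing hint
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: data changed in transit")
    return message


def digest_only_ok(frame: bytes) -> bool:
    """Weak variant: a plain SHA-256 digest that needs no key to compute."""
    message, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(digest, hashlib.sha256(message).digest())


def run_demo() -> dict:
    key = secrets.token_bytes(32)                  # shared secret (constructed)
    sent = b"transfer amount=100.00 to=ACC-0001"   # constructed sample message
    altered = sent.replace(b"100.00", b"900.00")   # what the receiver must not accept

    frame = seal(key, sent)
    results = {"intact": open_sealed(key, frame) == sent}
    try:
        # Message changed, tag left as-is: without the key no valid tag can be made
        open_sealed(key, altered + frame[-TAG_LEN:])
        results["altered_rejected"] = False
    except ValueError:
        results["altered_rejected"] = True
    # A keyless digest can simply be recomputed over the altered bytes, so it passes
    results["digest_only_fooled"] = digest_only_ok(altered + hashlib.sha256(altered).digest())
    return results


if __name__ == "__main__":
    print(run_demo())
```

The last result shows why a bare checksum sent alongside the data does not protect against modification in transit: the check has to depend on a secret that only the sender and receiver hold.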

Availability:

Availability guarantees that systems, applications and data are available to users when they need them. Unavailability of data and systems can have serious consequences.

It is essential to have plans and procedures in place to prevent or mitigate data loss as a result of a disaster. A disaster recovery plan must account for unpredictable events such as natural disasters and fire.

Also, extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.

Example attacks that affect Availability

  • DoS and DDoS attacks
  • SYN flood attacks
  • Physical attacks on server infrastructure
