The CIA triad is so critical to information security that every time data is leaked, a system is hacked, a user takes a phishing bait, an account is hijacked, a website is maliciously taken down, or any number of other security incidents occur, you can be sure that one or more of these principles of cybersecurity have been violated.

Cybersecurity professionals who work at this company assess threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity, and availability of an organization’s assets, that is, its critical data, applications, and systems.

The three fundamental principles of cybersecurity

▸Confidentiality

Confidentiality refers to an organization’s efforts to keep its data private or secret. In practice, it is about controlling access to data to prevent unauthorized disclosure. This involves ensuring that only those who are authorized have access to specific assets and that those who are not authorized are actively prevented from gaining access.

For example, only a few authorized employees should have access to the payroll database of all employees in an organization. In addition, within a group of authorized users, there may be additional and stricter limitations on the information that those authorized users can access.

Confidentiality can be broken in many ways, for example through direct attacks designed to gain unauthorized access to systems, applications, and databases in order to steal or manipulate data.

▸Integrity

In everyday use, integrity refers to something being whole or complete. In computer security, integrity consists of ensuring that data has not been tampered with and is therefore reliable. E-commerce customers, for example, expect product and pricing information to be accurate, and expect that quantity, price, availability, and other information will not be altered after they place an order.

Banking customers must be able to trust that their bank information and account balances are not tampered with. Ensuring integrity involves protecting data in use, in transit (for example, when sending an email or uploading or downloading a file) and when storing it, either on physical devices or in the cloud.

As in the case of confidentiality, integrity can be compromised directly through an attack vector, such as tampering with intrusion detection systems, modifying configuration files, or changing system registries to evade detection. It can also be compromised unintentionally, through human errors such as carelessness or coding errors.
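The e-commerce case above (price and quantity must not change after an order is placed), shown as an added example that is not code from the original article: the server seals each order with an HMAC-SHA256 tag and rejects any stored or transmitted copy whose tag no longer matches. The key, field names, and sample order are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). A real key is loaded from a secrets manager
# and never stored next to the data it protects.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(order: dict) -> bytes:
    """Serialize deterministically so the same order always yields the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_order(order: dict, key: bytes = SERVER_KEY) -> str:
    """Return the hex HMAC-SHA256 tag computed at the moment the order is placed."""
    return hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag and compare in constant time; False means the data changed."""
    expected = seal_order(order, key)
    return hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8"))


# Constructed sample order (hypothetical field names).
PLACED_ORDER = {
    "order_id": "A-1001",
    "sku": "KB-42",
    "quantity": 2,
    "unit_price_cents": 4999,
}

if __name__ == "__main__":
    tag = seal_order(PLACED_ORDER)
    print("untouched order verifies:", verify_order(PLACED_ORDER, tag))

    # Someone edits the stored price after the order was placed.
    tampered = dict(PLACED_ORDER, unit_price_cents=499)
    print("altered price verifies:", verify_order(tampered, tag))

    # Same data with fields in a different order still verifies,
    # because serialization is canonical.
    reordered = {k: PLACED_ORDER[k] for k in reversed(list(PLACED_ORDER))}
    print("reordered fields verify:", verify_order(reordered, tag))
```

A plain hash would not be enough here: anyone able to change the record could recompute the hash, whereas the HMAC tag cannot be forged without the server-side key.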

▸Availability

Systems, applications, and data are of little value to an organization and its customers if they are not accessible when authorized users need them. Simply put, availability means that networks, systems, and applications are fully operational. This ensures that authorized users have timely and reliable access to resources when they need them.

Many things can compromise availability, including hardware or software failures, power failures, natural disasters, or human error.

Perhaps the best-known attack that threatens availability is denial of service, in which the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded. With this, the system becomes completely unreachable.



By Truxgo
