09. CIA - Confidentiality, Integrity, Availability Flashcards
Confidentiality, Integrity, Availability
Confidentiality
Ensure no one unauthorised can access the data
Integrity
Ensure data has not been altered
Availability
Ensure authorized people can access data when they need it
CONFIDENTIALITY:
Threats
- Attacks on encryption
- Social engineering
- Key Loggers
- IoT
CONFIDENTIALITY:
We use
- Encryption - data at rest
- Secure Transport Protocols - data in motion
- Best Practices - data in use
- Secure protection
- Secure protection = strong passwords, MFA, masking, access control, need to know, least privilege
- Best practices = Clean desk, no shoulder surfing, screen view protector, PC locking
INTEGRITY:
Threats
- Alterations to data
- Code injection
- Attacks on your encryption
INTEGRITY:
We Use
- Cryptography
- Checksums
- Message Digests (MD5 Hashing, SHA1, SHA2)
- Digital Signatures
- Access Control
AVAILABILITY:
Threats
- Malicious Attacks (DDoS, Physical, system compromise)
- Application Failure (code error)
- Component failure (hardware)
AVAILABILITY:
We Use
- IPS/IDS
- Patch Management
- Redundancy, HA, Failover
- SLAs - Uptime targets
ROI - Return on Investment
- Need to factor in fiscal elements to redundancy
- What priority are the systems? Is it worth the cost of making them ultra HA or redundant?
CIA Opposites
Confidentiality ==> Disclosure
Integrity ==> Alteration
Availability ==> Destruction
CIA ==> DAD
- REMEMBER American DAD - CIA agent