1.2 The CIA Triad Flashcards

1
Q

Explain the CIA Triad

A
  • Combination of principles
    – The fundamentals of security
    – Sometimes referenced as the AIC Triad
  • Confidentiality
    – Prevent disclosure of information to unauthorized individuals or systems
  • Integrity
    – Messages can’t be modified without detection
  • Availability
    – Systems and networks must be up and running
2
Q

Explain Confidentiality

A
  • Certain information should only be known to certain people
    – Prevent unauthorized information disclosure
  • Encryption
    – Encode messages so only certain people can read them
  • Access controls
    – Selectively restrict access to a resource
  • Two-factor authentication
    – Additional confirmation before information is disclosed
3
Q

Explain Integrity

A
  • Data is stored and transferred as intended
    – Any modification to the data would be identified
  • Hashing
    – Map data of an arbitrary length to data of a fixed length
  • Digital signatures
    – Mathematical scheme to verify the integrity of data
  • Certificates
    – Combine with a digital signature to verify an individual
  • Non-repudiation
    – Provides proof of integrity, can be asserted to be genuine
4
Q
A