CIA TRIAD

Question 1

tell me about the CIA TRIAD

Answer 1

the fundamentals of security
sometimes referenced as the AIC TRIAD
Confidentiality
Prevent disclosure of information to unauthorized individuals or systems
Integrity
Messages can’t be modified without detection
Availability
systems and networks must be up and running

Question 2

explain confidentiality

Answer 2

certain information should only be known to certain people
prevent unauthorized information disclosure
Encryption
encode messages so only certain people can read it
Access controls
selectively restrict access to a resource
Two factor authentication
additional confirmation before information is disclosed

Question 3

explain integrity

Answer 3

data is stored and transferred as intended
any modification to the data would be identified
Hashing
map data of an arbitrary length to data of a fixed length
Data signatures
mathematical scheme to verify the integrity of data
Certificates
combine with a digital signature to verify an individual
Non-repudiation
provides proof of integrity, can be asserted to be genuine

Question 4

explain availability

Answer 4

Information is accessible to authorized users
-Always at your fingertips
Redundancy
-Build services that will always be available
Fault tolerance
-System will continue to run, even when a failure occurs
Patching
-Stability
-Close security holes