Confidentiality, Integrity, and Availability Flashcards
What is Confidentiality?
The first principle of the CIA Triad is confidentiality. Confidentiality is the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data.
Passive element
An object is the passive element in a security relationship, such as files, computers, network connections, and applications.
Active element
A subject is the active element in a security relationship, such as users, programs, and computers.
Events that lead to confidentiality breaches
Failing to properly encrypt a transmission, failing to fully authenticate a remote system before transferring data, leaving open otherwise secured access points, accessing malicious code that opens a back door, misrouted faxes, documents left on printers, or even walking away from an access terminal while data is displayed on the monitor. Confidentiality violations can result from the actions of an end user or a system administrator. They can also occur because of an oversight in a security policy or a misconfigured security control.
Aspects of confidentiality
Sensitivity, Criticality, Discretion, Concealment, Secrecy, Privacy, Seclusion, Isolation
What is sensitivity?
Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.
What is criticality?
The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.
What is Discretion?
Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.
What is concealment?
Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which is the concept of attempting to gain protection through hiding, silence, or secrecy.
What is secrecy?
Secrecy is the act of keeping something a secret or preventing the disclosure of information.
What is privacy?
Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
What is seclusion?
Seclusion involves storing something in an out-of-the-way location. This location can also provide strict access controls.
What is isolation?
Isolation is the act of keeping something separated from others.
What is Integrity?
Integrity is the concept of protecting the reliability and correctness of data. It ensures that data remains correct, unaltered, and preserved.
Three perspectives of Integrity
- Preventing unauthorized subjects from making modifications
- Preventing authorized subjects from making unauthorized modifications, such as mistakes
- Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any child, peer, or parent object is valid, consistent, and verifiable