Confidentiality, Integrity, and Availability Flashcards
What is Confidentiality?
The first principle of the CIA Triad is confidentiality. Confidentiality is the set of measures used to protect the secrecy of data, objects, and resources. The goal of confidentiality protection is to prevent or minimize unauthorized access to data.
Passive element
An object is the passive element in a security relationship, such as files, computers, network connections, and applications.
Active element
A subject is the active element in a security relationship, such as users, programs, and computers. The same entity can play either role depending on the relationship: a computer is an object when a user logs in to it and a subject when it reads a file from a server.
Events that lead to confidentiality breaches
Failing to properly encrypt a transmission, failing to fully authenticate a remote system before transferring data, leaving otherwise secured access points open, executing malicious code that opens a back door, misrouted faxes, documents left on printers, or even walking away from an access terminal while data is displayed on the monitor. Confidentiality violations can result from the actions of an end user or a system administrator. They can also occur because of an oversight in a security policy or a misconfigured security control.
Aspects of confidentiality
Sensitivity, Criticality, Discretion, Concealment, Secrecy, Privacy, Seclusion, Isolation
What is sensitivity
Sensitivity refers to the quality of information, which could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent harm or damage.
What is criticality
The level to which information is mission critical is its measure of criticality. The higher the level of criticality, the more likely the need to maintain the confidentiality of the information.
What is Discretion
Discretion is an act of decision where an operator can influence or control disclosure in order to minimize harm or damage.
What is concealment
Concealment is the act of hiding or preventing disclosure. Often concealment is viewed as a means of cover, obfuscation, or distraction. A related concept to concealment is security through obscurity, which is the concept of attempting to gain protection through hiding, silence, or secrecy. Obscurity provides no protection once the hidden detail is discovered, so it is at best a supplement to, never a substitute for, real access controls and encryption.
What is secrecy
Secrecy is the act of keeping something a secret or preventing the disclosure of information.
What is privacy
Privacy refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.
What is seclusion
Seclusion involves storing something in an out-of-the-way location. This location can also provide strict access controls.
What is isolation
Isolation is the act of keeping something separated from others.
What is Integrity
Integrity is the concept of protecting the reliability and correctness of data. It ensures that data remains correct, unaltered, and preserved.
Three perspectives of Integrity
- Preventing unauthorized subjects from making modifications
- Preventing authorized subjects from making unauthorized modifications, such as mistakes
- Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any child, peer, or parent object is valid, consistent, and verifiable
Events that lead to integrity breaches
Modifying or deleting files; entering invalid data; altering configurations, including errors in commands, code, and scripts; introducing a virus; and executing malicious code such as a Trojan horse. Integrity violations can occur because of the actions of any user, including administrators.
Aspects of integrity
Accuracy, Truthfulness, Authenticity, Validity, Nonrepudiation, Accountability, Responsibility, Completeness, Comprehensiveness
What is accuracy
Being correct and precise
What is truthfulness
Being a true reflection of reality
What is authenticity
Being authentic or genuine
What is validity
Being factually or logically sound
What is nonrepudiation
Not being able to deny having performed an action or activity or being able to verify the origin of a communication or event
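The integrity perspectives above and the nonrepudiation card are easy to conflate, so here is an added example (not part of the original flashcards) that separates them in working code. It protects a constructed transaction record two ways: with an HMAC over a key shared by sender and receiver, and with an Ed25519 signature. Both detect a single flipped byte (integrity), but only the signature gives nonrepudiation, because the receiver holding the shared HMAC key can mint a valid tag for a record the sender never produced, whereas nobody without the sender's private key can produce a signature that verifies under the sender's public key. The record text, the `Run` and `Tamper` helpers, and the `Result` fields are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample object: a transaction record that must not change in transit.
var Record = []byte("transfer 100.00 from acct-1234 to acct-9876")

// MACTag computes HMAC-SHA256 over data with a key shared by sender and receiver.
func MACTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// MACVerify recomputes the tag and compares it in constant time.
func MACVerify(key, data, tag []byte) bool {
	return hmac.Equal(MACTag(key, data), tag)
}

// Tamper returns a copy of data with its last byte flipped: an unauthorized modification.
func Tamper(data []byte) []byte {
	t := append([]byte(nil), data...)
	t[len(t)-1] ^= 0x01
	return t
}

// Result records what each mechanism can and cannot establish (field names are assumptions).
type Result struct {
	MACAcceptsOriginal  bool // integrity: the intact record verifies
	MACRejectsTampered  bool // integrity: one flipped byte fails
	ReceiverCanForgeMAC bool // no nonrepudiation: the receiver holds the same key
	SigAcceptsOriginal  bool
	SigRejectsTampered  bool
	SigRejectsWrongKey  bool // nonrepudiation: only the private-key holder could have signed
}

// Run exercises both mechanisms against the sample record and a tampered copy.
func Run() (Result, error) {
	var r Result

	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return r, err
	}
	tag := MACTag(key, Record)
	r.MACAcceptsOriginal = MACVerify(key, Record, tag)
	r.MACRejectsTampered = !MACVerify(key, Tamper(Record), tag)
	// The receiver, holding the shared key, can tag a record the sender never sent,
	// so the sender can plausibly deny having produced any given tag.
	forged := []byte("transfer 9999.00 from acct-1234 to acct-0001")
	r.ReceiverCanForgeMAC = MACVerify(key, forged, MACTag(key, forged))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	sig := ed25519.Sign(priv, Record)
	r.SigAcceptsOriginal = ed25519.Verify(pub, Record, sig)
	r.SigRejectsTampered = !ed25519.Verify(pub, Tamper(Record), sig)
	// A different party signing with its own key cannot produce a signature that
	// verifies under the sender's public key; the sender's action is undeniable.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	r.SigRejectsWrongKey = !ed25519.Verify(pub, Record, ed25519.Sign(otherPriv, Record))
	return r, nil
}

func main() {
	r, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The practical consequence: an HMAC is the right tool when sender and receiver trust each other and only need to detect modification by a third party; when a party must later be held to an action (accountability), the evidence has to be a signature whose private key only that party holds.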
What is Accountability
Being responsible or obligated for actions and results
What is responsibility
Being in charge or having control over something or someone
What is completeness
Having all needed and necessary components or parts
What is comprehensiveness
Being complete in scope; the full inclusion of all needed elements
What is availability
Availability means authorized subjects are granted timely and uninterrupted access to objects. It also implies that the supporting infrastructure—including network services, communications, and access control mechanisms—is functional and allows authorized users to gain authorized access.
Availability breaches include
Accidentally deleting files, overutilizing a hardware or software component, under-allocating resources, and mislabeling or incorrectly classifying objects.
Aspects of availability
Usability, Accessibility, Timeliness
What is Usability
The state of being easy to use or learn or being able to be understood and controlled by a subject
What is accessibility
The assurance that the widest range of subjects can interact with a resource regardless of their capabilities or limitations
What is timeliness
Being prompt, on time, within a reasonable time frame, or providing low-latency response
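The availability cards describe overutilization and untimely access in the abstract. The following added example (not part of the original flashcards) shows the failure and one control in code: a shared resource with two slots, a runaway "batch-job" subject that grabs every slot it can and never releases during the window, and an ordinary subject "alice" who wants one slot. Without a per-subject cap, alice waits the full timeout and is denied; with a per-subject cap of one, the batch job is held to its fair share and alice is granted a slot promptly. The `Pool`, `Scenario`, and subject names are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

var ErrBusy = errors.New("resource busy: try again later")

// Pool guards a shared resource with a fixed number of slots and a per-subject cap,
// so that no single subject can consume every slot (hypothetical type).
type Pool struct {
	slots   chan struct{}
	perSubj int
	mu      sync.Mutex
	inUse   map[string]int
}

func NewPool(capacity, perSubject int) *Pool {
	return &Pool{slots: make(chan struct{}, capacity), perSubj: perSubject, inUse: map[string]int{}}
}

// Acquire gives subject a slot, or fails fast with ErrBusy once maxWait elapses,
// so callers get a bounded answer instead of hanging (timeliness).
func (p *Pool) Acquire(subject string, maxWait time.Duration) (release func(), err error) {
	p.mu.Lock()
	if p.inUse[subject] >= p.perSubj {
		p.mu.Unlock()
		return nil, ErrBusy // this subject already holds its fair share
	}
	p.inUse[subject]++
	p.mu.Unlock()

	giveBack := func() {
		p.mu.Lock()
		p.inUse[subject]--
		p.mu.Unlock()
	}
	select {
	case p.slots <- struct{}{}:
		return func() { <-p.slots; giveBack() }, nil
	case <-time.After(maxWait):
		giveBack()
		return nil, ErrBusy
	}
}

// Outcome summarizes one run of the scenario (field names are assumptions).
type Outcome struct {
	BatchGranted  int
	BatchRejected int
	AliceGranted  bool
	AliceWait     time.Duration
}

// Scenario runs a runaway batch job against the pool, then a single ordinary request.
func Scenario(capacity, perSubject int, maxWait time.Duration) Outcome {
	p := NewPool(capacity, perSubject)
	var o Outcome
	var held []func()
	for i := 0; i < 3; i++ { // the batch job asks for more slots than exist
		rel, err := p.Acquire("batch-job", maxWait)
		if err != nil {
			o.BatchRejected++
			continue
		}
		o.BatchGranted++
		held = append(held, rel) // it does not release during the window
	}
	start := time.Now()
	rel, err := p.Acquire("alice", maxWait)
	o.AliceWait = time.Since(start)
	o.AliceGranted = err == nil
	if rel != nil {
		rel()
	}
	for _, r := range held {
		r()
	}
	return o
}

func main() {
	fmt.Printf("no per-subject cap: %+v\n", Scenario(2, 3, 50*time.Millisecond))
	fmt.Printf("per-subject cap 1:  %+v\n", Scenario(2, 1, 50*time.Millisecond))
}
```

The two knobs map onto the cards directly: the bounded wait is what keeps a response timely even when the resource is saturated, and the per-subject cap is what turns one subject's overutilization into a denial for that subject alone rather than for everyone.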