Confidentiality, integrity and availability

This is the CIA triad of data and services.

Confidentiality - Confidentiality has to do with the privacy of information, including authorizations to view, share, and use it

Integrity - Integrity refers to the reliability and completeness of data and includes ensuring information non-repudiation and authenticity

Availability - The concept that authorized users have access to the systems and the resources

The importance of maintaining CIA:
  • Maintains security compliance
  • Maintains trust with stakeholders
  • Promotes a positive brand image
  • Avoids security risks and unauthorised access
The consequences of not maintaining CIA:
  • Financial:
    • Regulatory fines
    • Refunds/compensation to customers
    • Loss of earnings
  • Legal:
    • Lawsuits
    • Termination of contract
  • Reputational:
    • Loss of clients 
    • Damage to brand
Identification, Authentication, Authorisation and Accountability

Purpose
  • IAAA is used to support the confidentiality, integrity and availability security concept
  • IAAA are a set of primary concepts that aid in understanding computer and network security as well as access control.
Functionality
  • Identification and authentication provide a way of identifying a user, typically requiring a user ID/password combination before granting a session
  • Authorisation is the process that determines whether the user has the authority to carry out a specific task.
  • Accounting keeps track of the activities the user has performed
Application of cyber security:
  • To protect property, data and systems from intentional or even unintentional damage
How are layers of security and physical elements of security applied to assure confidentiality? Confidentiality

Layers of security are applied in many ways to assure confidentiality. For example, firewalls are used to stop malicious actors from accessing the network from outside it. Another way is to set access levels so that users can only reach the data they are authorised to access. Physical elements of security can be things like making employees sign NDAs and locking their hardware down.

Access Control Lists (ACL)

An access control list contains rules that grant or deny access to certain digital environments.
  • Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed
  • Networking ACLs filter access to the network.
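
An added example (not from the original notes) of how a networking ACL filters access, assuming the common first-match evaluation with an implicit deny when no rule matches. The rule set, addresses and function names are constructed for illustration; the second function flags rules that can never take effect because an earlier rule already covers them.

```python
import ipaddress

# Constructed sample rules (not from the original notes): (action, source network, port).
# A port of None means "any port". Rules are checked top to bottom.
SAMPLE_ACL = [
    ("deny",   "10.0.5.0/24", 22),   # 0: block SSH from the guest subnet
    ("permit", "10.0.0.0/16", 22),   # 1: allow SSH from the internal range
    ("permit", "10.0.5.7/32", 22),   # 2: intended exception, but rule 0 matches first
    ("permit", "0.0.0.0/0",   443),  # 3: allow HTTPS from anywhere
]


def evaluate(acl, src_ip, dst_port):
    """Return (action, rule_index); rule_index is None for the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, network, port) in enumerate(acl):
        net = ipaddress.ip_network(network)
        if src.version == net.version and src in net and port in (None, dst_port):
            return action, index
    return "deny", None  # nothing matched: default deny


def shadowed_rules(acl):
    """Return (rule_index, covering_index) for rules that can never be reached."""
    found = []
    for later, (_, later_net, later_port) in enumerate(acl):
        l_net = ipaddress.ip_network(later_net)
        for earlier in range(later):
            _, earlier_net, earlier_port = acl[earlier]
            e_net = ipaddress.ip_network(earlier_net)
            covers_net = l_net.version == e_net.version and l_net.subnet_of(e_net)
            covers_port = earlier_port is None or earlier_port == later_port
            if covers_net and covers_port:
                found.append((later, earlier))
                break  # the first covering rule is enough
    return found


if __name__ == "__main__":
    for ip, port in [("10.0.5.7", 22), ("10.0.9.1", 22),
                     ("203.0.113.9", 443), ("203.0.113.9", 22)]:
        print(ip, port, evaluate(SAMPLE_ACL, ip, port))
    print("shadowed:", shadowed_rules(SAMPLE_ACL))
```

Because order decides the outcome, the permit for 10.0.5.7 in rule 2 never applies; reviewing an ACL for shadowed rules catches this kind of mistake before it is relied on.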

How are layers of security and physical elements of security applied to assure confidentiality? Integrity

In an organisation, a manager would have greater access to the data of multiple people than an employee would, because of the different tasks each type of person needs to carry out. The organisation would also have other procedures. Some of the physical restrictions in place would be things like keeping access to the main server room to a minimum, for example by limiting who has access to the key to enter the room. Another example would be keeping the data on an account that only someone like the IT department has access to.

How are layers of security and physical elements of security applied to assure confidentiality? Availability








