CIA Triad

Confidentiality - the act of keeping data and systems secure from unauthorized access.

Ex:

  • Strict control of permissions on resources such as files and folders

  • Strong authentication (username, passwords, PIN)

  • Encryption

Levels of Confidentiality:

  • Internal use only

  • Confidential

  • Privileged

  • Top secret

Data in motion - data that is being transferred from one location to another.

Integrity - ensures data is accurate and valid.

  • Data must be protected against unauthorized changes

  • Accounting (Auditing) - tracking who touches data and when.

  • Make sure your data is the same at the destination as it was at the source

Ex: If you send an email, it must contain the same content and the same attachments when it arrives at its destination as when it left you.

Ways to know that it’s valid:

  • Encryption

  • Digital Signatures

Non-repudiation - ensures that one cannot deny an action, such as having sent an email or file.

Availability - ensures data is accessible by those who need it and when they need it.

  • Covers protecting data from theft and natural disaster, including equipment failure.

Ways to maintain important data:

  • Redundancy

    • Backup server

    • Hard drive mirror