The CIA Triad is the foundation of cybersecurity. Its three goals are to protect data and systems from unauthorized access, unauthorized modification, and downtime.
1. Confidentiality 🔒
Ensures that data is only accessible to authorized individuals.
- Example: Your bank account details should be visible only to you and the bank, not hackers.
- Risk: If a hacker steals your password, they can access your account.
2. Integrity 🛠️
Ensures data remains unaltered unless changed by authorized entities.
- Example: When sending an email, the content should not be modified during transmission.
- Risk: A hacker could alter financial transactions, changing a $100 transfer to $10,000.
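The tampering risk above (a $100 transfer changed to $10,000) is what a message authentication code is designed to detect. The following is an added example, not part of the original page: it uses HMAC-SHA256 with a shared key, and the key, field names and account names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed shared secret between the customer's app and the bank (assumption).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(transfer: dict) -> bytes:
    """Serialize the transfer deterministically so both sides MAC the same bytes."""
    return json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()


def sign_transfer(transfer: dict, key: bytes = SHARED_KEY) -> str:
    """Sender side: compute an HMAC-SHA256 tag over the transfer."""
    return hmac.new(key, canonical(transfer), hashlib.sha256).hexdigest()


def verify_transfer(transfer: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = sign_transfer(transfer, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    # Constructed sample message: the $100 transfer from the text.
    original = {"from": "alice", "to": "bob", "amount_usd": 100}
    tag = sign_transfer(original)

    # The message is altered in transit. Without the key the tag cannot be
    # recomputed, so the old tag arrives alongside the new amount.
    tampered = dict(original, amount_usd=10000)

    return {
        "original_ok": verify_transfer(original, tag),
        "tampered_ok": verify_transfer(tampered, tag),
        "wrong_key_ok": verify_transfer(original, tag, key=b"some-other-key"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because both sides hold the same key, the tag shows the message was not altered in transit but cannot prove which of the two key holders created it.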
3. Availability 🌐
Ensures systems and data are accessible when needed.
- Example: A hospital’s patient database must be available at all times for doctors.
- Risk: A DDoS attack on an e-commerce website prevents customers from shopping.
Beyond CIA: Additional Security Concepts
1. Authenticity ✅
Ensures that data comes from a verified source.
- Example: A digital signature confirms that an email is from your manager and not a scammer.
2. Nonrepudiation 📜
Prevents denial of an action after it has occurred.
- Example: An online banking transaction has a receipt proving the transfer happened.
3. Parkerian Hexad 🏛️
In addition to CIA, Donn Parker introduced:
- Utility: Data must be useful. (Example: An encrypted file without a key is useless.)
- Possession: Data should not be stolen or controlled by attackers. (Example: Ransomware encrypting your files means you lose possession of your data.)