Ethical Hacking Tutorial 3: CIA Triad of Information Security
Hello and welcome back to the Ethical Hacking Tutorial of Dark Street Hackers!!!
Hope you guys are learning well. For any queries or suggestions, the comment box is open for you. If you liked this new start from Dark Street Hackers, please share your valuable reviews in the comment box, or if you want to suggest something, share it with us via the comment section or contact us via the email mentioned in the Contact Us section on our blog.
Coming back to tutorial number 3, today we are going to learn some of the important terms and essentials for securing information or data, in simple language. When we talk about securing our data, what exactly does it mean? Does keeping passwords on smartphones and laptops make it secure? The answer is a big NO! Yeah, it is true. We have to secure data in such a way that only an authorized user can have access to it. There are three major pillars in the field of cyber security to be taken care of. They are:
A) Confidentiality, B) Integrity & C) Availability. People call it the CIA triad. It is a model designed to guide the security framework policies of any organization.
Let us understand them one by one.
A) Confidentiality:- In the world of computer systems, keeping important information secret from unauthorized users is tough work. Confidentiality refers to exactly that. Data or information which is highly confidential should be available only to those who are allowed to have access to it. In simple words, we can say that it is a set of rules that limits access to the information. This is the first step towards securing data. There are lots of methods used for implementing confidentiality. Some of them are data encryption, user IDs and passwords, two-factor authentication, biometric verification, Access Control Lists (ACLs), etc.
B) Integrity:- Integrity can be understood as the originality of information. It refers to the best practice of taking care of the information in order to stop unauthorized access. Information should be kept in such a way that its integrity is maintained and it is not changed without authorized access. There are also different techniques to maintain integrity. A few of them are limited access, file permissions, ACLs, checksums or cryptographic checksums, etc. Regular backups should be taken in a proper manner so that in case of a breach, a recent backup, or we can say updated files, will be easily available.
C) Availability:- Availability, as the word itself shows, is about information and resources being available when needed. It implies that information should be available to an authorized person when it is required. To maintain the third aspect of the triad, all the resources must be available whenever they are needed. To prevent data loss or any disastrous events, regular backups may prove useful. Other security solutions may include safeguard software like firewalls, proxy servers, IDS/IPS, DDoS protectors, etc. This equipment can be used against data loss or any undesired attack vectors.
So, this is it for today's lesson. We will continue learning more in upcoming posts. Till then, stay safe and drop your valuable reviews in the comment section. Thank you!!!
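The checksum and backup techniques mentioned under Integrity and Availability can be seen working together in the following added example (not part of the original tutorial). It records SHA-256 checksums of a known-good directory, detects unauthorized changes, and restores the affected files from a backup copy; all file names and contents are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, root):
    """Report files modified, missing or added since the baseline was taken."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }

def restore(report, backup, root):
    """Copy modified or missing files back from the backup copy."""
    for name in report["modified"] + report["missing"]:
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(backup) / name, target)

def demo():
    """Run the check on constructed sample files with simulated changes."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp) / "data", Path(tmp) / "backup"
        data.mkdir()
        (data / "payroll.csv").write_text("alice,5000\n")
        (data / "notes.txt").write_text("meeting at 10\n")
        shutil.copytree(data, backup)        # the regular backup
        baseline = build_baseline(data)      # checksums of the known-good state
        (data / "payroll.csv").write_text("alice,9000\n")   # unauthorized edit
        (data / "notes.txt").unlink()                       # deletion
        (data / "dropped.txt").write_text("unexpected\n")   # unexpected new file
        report = compare(baseline, data)
        restore(report, backup, data)
        return report, compare(baseline, data)
```

The baseline and the backup only help if they are stored where the party changing the files cannot also change them, for example on separate read-only or offline storage.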
To Be Continued........
2 Comments
What is exactly ALC?🤔
Can you please elaborate on it with its full form?