Ok, warm welcome to those who are following this course from initial part. In this part, I will highlight the most important model/triad of Cyber Security, i.e. CIA.
Before any explanation, first see image below. And try to remember each words of CIA.
img src : https://www.kevinmagee.com/wp-content/uploads/2017/04/ciatriad.jpg
Confidentiality, Integrity and Availability, (CIA triad), is a model designed to guide policies for information security within an organization. Confidentiality in one word refers to Secrecy, Integrity in one word refers to Intact/Accurate, Availability in one word refers to Available (Reliable access to information or service).
- Data or Information or Plan private to person or organization or set of people
- Make sure that information is not being sent to wrong people, or to those who are not allowed to know.
- Tips : Beware of Social Engineering Attack in this case. Because bad guys will try to gather as much information as they can by manipulating your thoughts via one on one talk, or via emails, phone calls, etc. To protect employees or members of organization from this kind of attack, they should be provided with best training and awareness seminar on how Social Engineering Attack is carried out.
- Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.
- Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
- These measures include file permissions and user access controls. (About user access controls, I will talk in detail in future video or article lesson)
- Tips : In case of digital forensic and investigation, devices collected from crime scene like USB, SSD, HDD, or any other storage media, is first made exact replica, ie. Disk Imaging and then original disk is stored safely, and all investigation goes from 2nd replicated disk after Read Only mode is applied. This will help in maintaining accuracy or integrity of original disk.
- You tried logging in to your bank account for transaction of money, but your bank’s website is down and you cannot get service of transaction, right ? So, bank’s website is not available for you at this moment, now ? Reputation ruins here.
- Another case, you went back to your office, you turned on your server machine, where 1,000+ websites were maintained, but you got message, SSD/HDD Crashed. Server Down. Imagine you’ve no backups. NOW ?????
- Your organization is on attack from Black Hat Hackers from 24 hours, you do not have Response Team, Cyber Security Experts, Ethical Hackers, Best Defense Team, nothing…. NOW What ???
- So, in different cases, you need different solutions, or backups, or defense. So that you can maintain availability of your services.
- In normal way, Availability refers to well maintained hardware, or systems or environment for providing best possible services as soon as it is required.
Video Tutorial of this Part will be available in http://youtube.com/studentvideotutorial
Featured image via Pixabay.Com