Fundamentals of Computer Security Tutorials

Basic Security Principles & Terms I / The CIA Triad

Subtitles of the Movie

The next thing we're going to cover is something that we know as the CIA Triad. Now, this doesn't have to do with any covert organization. The CIA Triad is actually an acronym, and it describes a fundamental security principle. This fundamental security principle basically describes the basic goals of information security, and those goals are confidentiality, integrity and availability. Everything we do in security actually contributes to one of these three goals in some way or another, so I thought we'd take the time to talk about each one of these. The CIA Triad protects both the data and the information systems that process that data. It's not just bits and bytes. It's controls, it's humans, it's physical security, it's technical security, it's administrative controls; it's all the different things we can do in security to protect our data, and we want to protect these three basic properties of our data: confidentiality, integrity and availability. Let's talk about each one of these.

Now, confidentiality is the first one we'll talk about, and essentially when we talk about confidentiality, we're talking about keeping information from being disclosed to people who don't need it, who should not have it, while we keep it available to those who are authorized. In other words, if you don't need to know it, you're not supposed to be able to access this data. That's what confidentiality means. And again, it applies to the systems that process the data, the computer systems themselves and the networks and other devices on the network that protect the data, as well as the data itself. Now, data is often classified at varying levels of sensitivity, and we do this to protect its confidentiality. We may say that some data is classified as public, meaning anyone can look at that data, or some data might be considered company proprietary, meaning only people within a company can look at it. Or some data might even be classified at a government level, such as top-secret data, and that usually means that no one except authorized people with the right security clearance and need to know can look at that data. Now, data is protected by security measures, and we call those security measures controls in the security world. There are authentication controls, encryption controls, physical security controls and so forth. But what we're concerned about with the CIA Triad is the controls that protect the confidentiality of data, and we'll talk about those as we go through the course.

The next part of the CIA Triad is integrity. Now, integrity essentially assures us that data has not been altered. The data is said to have integrity if you can reasonably assure that it hasn't been changed in any way or destroyed, accidentally or intentionally, by authorized users or processes or by malicious users and processes. Because let's face it, even computer systems can break down occasionally, and that may alter or corrupt the data, and we want to make sure that data has not been changed in any way. That's integrity. It assures that data remains in a consistent, authorized state. Now, how do we protect against modification or destruction? Well, there are several different ways, and I'll give you a couple of them as examples. We'll also talk about some more ways later on throughout the course. But some of those examples are hashing, encryption and auditing. These are some of the ways that we can protect against modification and destruction.

Now let's talk about availability. You might not think that availability of data is something that a security professional concerns themselves with, but it actually is. Availability ensures that systems and data are available for use by authorized users. In other words, the data is where I need it and I can get to it whenever I need it. And it's not there for unauthorized users. Availability talks about protecting data against all kinds of events: intentional or accidental, man-made events or natural events, and even innocent events or malicious events; any kind of event that might keep authorized users from the data when and where they need it. Now, how do we protect the availability of the data? Well, there are many different ways, and we'll talk about a lot of those ways during the course. Some examples I could give you might be backups, server clusters, redundant systems; just many different ways to protect the availability of data, and we'll cover some of those as we go through the course.

That's essentially the CIA Triad. Again, everything we do and talk about in security is used to support those three goals of confidentiality, integrity and availability, and as we go through the course, I'll try to point out along the way, for some of the controls that we talk about or some of the security mechanisms and defense mechanisms we talk about, which goal of the CIA Triad they support and how they support it.
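The integrity section above names hashing as one control against modification. The following is an added example, not part of the lesson's own material, showing how a stored digest detects a change to a record, and why a keyed digest (HMAC) is needed when the party who can alter the data could also rewrite the stored hash. The record, the key and the tampered value are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample record and a placeholder key (not real data).
RECORD = b"account=1234;owner=alice;balance=500.00"
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects accidental corruption or changes by
    someone who cannot also replace the stored digest."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: a change can only be covered up by someone who
    holds the key, so it also protects against a malicious rewrite of
    both the data and its tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking timing information about the match.
    return hmac.compare_digest(digest(data), expected)


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), expected)


def integrity_check_report() -> dict:
    """Run the three cases the lesson describes: data unchanged, data
    corrupted, and data rewritten along with a forged unkeyed digest."""
    stored_digest = digest(RECORD)
    stored_tag = keyed_tag(RECORD, DEMO_KEY)

    # Case 1: untouched record verifies under both schemes.
    untouched_ok = verify_digest(RECORD, stored_digest) and verify_tag(
        RECORD, DEMO_KEY, stored_tag
    )

    # Case 2: a single changed byte (e.g. disk corruption) is caught by both.
    corrupted = RECORD.replace(b"500.00", b"5000.00")
    corruption_caught = (not verify_digest(corrupted, stored_digest)) and (
        not verify_tag(corrupted, DEMO_KEY, stored_tag)
    )

    # Case 3: someone who can write the record also recomputes the
    # unkeyed digest. The plain hash now verifies, but without the key
    # they cannot produce a matching HMAC tag, so the keyed check fails.
    forged_digest = digest(corrupted)
    unkeyed_fooled = verify_digest(corrupted, forged_digest)
    keyed_still_catches = not verify_tag(corrupted, DEMO_KEY, stored_tag)

    return {
        "untouched_ok": untouched_ok,
        "corruption_caught": corruption_caught,
        "unkeyed_fooled_by_forged_digest": unkeyed_fooled,
        "keyed_still_catches": keyed_still_catches,
    }


if __name__ == "__main__":
    for name, result in integrity_check_report().items():
        # An audit-style line per check, tying back to the "auditing" control.
        print(f"{name}: {result}")
```

The unkeyed digest is enough to notice accidental corruption, which is the "systems break down" case in the lesson; the keyed tag is what you reach for when the threat includes a user or process that could rewrite the record and its hash together.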

Tutorial Information

Course: Fundamentals of Computer Security
Author: Bobby Rogers
SKU: 33874
ISBN: 1-934743-69-0
Release Date: 2008-05-21
Duration: 8.5 hrs / 92 lessons
Captions: Available on CD and Online University
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
