C.I.A. Triad: the key characteristics of information that make it valuable to an organization. It has been the standard for computer security, and is based on three characteristics: confidentiality, integrity, and availability.
Availability: authorized users have access to information in a usable format, without interference or obstruction.
Availability does not mean that the information is accessible to any user; rather, it means it can be accessed when needed by authorized users.
Identification: when an information system is able to recognize individual users.
How it is performed
By user name or ID.
It is the first step in gaining access to secured material, and it serves as the foundation for authentication and authorization.
Identification is nothing more than claiming to be somebody; on its own it proves nothing.
Confidentiality: limiting access to only those with sufficient privileges and a demonstrated need to access the information.
Confidentiality is breached, intentionally or unintentionally, when an information asset is exposed to unauthorized parties.
Examples of confidentiality breaches
Confidential information is mistakenly e-mailed to someone outside the organization rather than the intended recipient inside the organization.
An employee discards, rather than destroys, a document containing critical information.
A hacker successfully breaks into a Web-based organization's internal database and steals sensitive information about clients.
To protect the confidentiality of information
Application of security policies.
Education of end users.
Secure document storage.
Confidentiality is closely related to another key characteristic, privacy.
In an organization, confidentiality of information is especially important for personal information about employees, customers, or patients.
Integrity: describes how data is whole, complete, and uncorrupted.
When it is threatened
When the information is exposed to corruption, damage, or other disruption of its authentic state.
When corruption can occur
While information is being entered, stored, or transmitted.
Examples of integrity violations
Viruses and worms designed to corrupt data.
Faulty programming, or noise in the transmission channel.
How to protect integrity
Use redundancy bits and check bits during each transmission, and verify stored or received data with algorithms, hash values, and error-correcting codes. A plain hash value detects accidental corruption; an attacker who can alter the data can also recompute an unkeyed hash, so detecting deliberate tampering needs a keyed hash (a MAC) or a digital signature.
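The following is an added example, not code from the original notes, showing the two integrity mechanisms described above side by side: a single even-parity check bit as a simplified stand-in for the transmission check bits, and a SHA-256 hash value compared after the data arrives. It also shows the caveat: parity misses an even number of bit flips, and a plain hash is fooled by an attacker who rewrites the message and recomputes the hash, whereas a keyed HMAC is not. The message and the shared key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample message (illustration only, not from the original page).
MESSAGE = b"transfer 100.00 to account 4412"
# Constructed shared secret; in practice this comes from a key store, never a literal.
SHARED_KEY = b"example-shared-key-not-for-production"


def parity_bit(data: bytes) -> int:
    """Even-parity check bit: 1 if the number of set bits in data is odd, else 0."""
    return sum(bin(b).count("1") for b in data) & 1


def add_parity(data: bytes) -> bytes:
    """Frame data for transmission by appending the check bit as a trailing byte."""
    return data + bytes([parity_bit(data)])


def parity_check(framed: bytes) -> bool:
    """Receiver side: recompute parity over the payload and compare with the check bit."""
    payload, check = framed[:-1], framed[-1]
    return parity_bit(payload) == check


def sha256_hex(data: bytes) -> str:
    """Hash value stored with (or sent alongside) the data for later comparison."""
    return hashlib.sha256(data).hexdigest()


def hash_check(data: bytes, expected_hex: str) -> bool:
    """Constant-time compare; a mismatch means the data is no longer in its authentic state."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def mac_hex(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_check(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(mac_hex(key, data), tag_hex)


def flip_bits(data: bytes, positions) -> bytes:
    """Simulate channel noise: flip each (byte_index, bit_index) given."""
    buf = bytearray(data)
    for byte_index, bit_index in positions:
        buf[byte_index] ^= 1 << bit_index
    return bytes(buf)


def demo() -> dict:
    """Run the three checks against clean, noisy and tampered copies of MESSAGE."""
    framed = add_parity(MESSAGE)
    expected_hash = sha256_hex(MESSAGE)
    tag = mac_hex(SHARED_KEY, MESSAGE)

    one_flip = flip_bits(framed, [(9, 0)])            # single-bit noise in the payload
    two_flips = flip_bits(framed, [(9, 0), (10, 3)])  # two flips leave parity unchanged

    # An attacker who can rewrite the message can also recompute a plain hash ...
    tampered = b"transfer 900.00 to account 9999"
    tampered_hash = sha256_hex(tampered)

    return {
        "parity_clean": parity_check(framed),
        "parity_one_flip": parity_check(one_flip),
        "parity_two_flips": parity_check(two_flips),                     # missed corruption
        "hash_two_flips": hash_check(two_flips[:-1], expected_hash),     # hash catches it
        "hash_tampered_recomputed": hash_check(tampered, tampered_hash), # plain hash fooled
        "mac_tampered": mac_check(SHARED_KEY, tampered, tag),            # keyed MAC is not
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

Real links use CRCs or error-correcting codes rather than one parity bit, but the failure mode is the same: a check designed for random noise says nothing about an adversary, which is why the hash or MAC check is applied at the application layer as well.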
Authorization: the mechanism that matches an authenticated entity to a list of information assets and the corresponding access levels.
Examples of authorization
The access control lists and authorization groups in a networking environment.
The database authorization scheme to verify that the user of an application is authorized for specific functions, such as reading, writing, creating, and deleting.
Present-day needs have made these three characteristics inadequate on their own for conceptualizing InfoSec: they are limited in scope and cannot cover today's constantly changing IT environment.
The list has therefore been expanded into a more comprehensive set of characteristics that also includes privacy, identification, authentication, authorization, and accountability.
Authentication: how one proves being who one claims to be.
Examples of authentication mechanisms
-personal identification number (PIN), something the user knows
-Secure Sockets Layer (SSL) connection, authenticated with a certificate
-cryptographic hardware devices such as RSA's SecurID, something the user has
Accountability: exists when every activity on a system, authorized or unauthorized, can be attributed to an authenticated identity. Also known as auditability.
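The identification, authentication, authorization and accountability entries above describe one chain of steps. The following is an added example, not code from the original notes, running that chain end to end: a claimed user name (identification), a PIN checked against a salted PBKDF2 hash (authentication), an access control list that maps the authenticated identity to permitted operations on each asset with default deny (authorization), and an audit log in which every attempt, allowed or not, is recorded against the identity that made it (accountability). The user store, PINs, assets and ACL are constructed for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Optional

PBKDF2_ROUNDS = 100_000


def enroll(pin: str) -> tuple:
    """Store a per-user salt and the PBKDF2 hash of the PIN, never the PIN itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store (identity -> credential record); illustration only.
USERS = {"alice": enroll("2468"), "bob": enroll("1357")}

# Constructed access control list: asset -> identity -> permitted operations.
ACL = {
    "patients.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "payroll.db": {"alice": {"read"}},
}

AUDIT_LOG: list = []


def identify(claimed: str) -> Optional[str]:
    """Identification: accept the claim only if the system knows this identity.
    Nothing is proven yet."""
    return claimed if claimed in USERS else None


def authenticate(identity: str, pin: str) -> bool:
    """Authentication: prove the claim with something the user knows (a PIN)."""
    salt, stored = USERS[identity]
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def authorize(identity: str, asset: str, operation: str) -> bool:
    """Authorization: look the authenticated identity up in the asset's ACL.
    Unknown asset, unknown identity or unlisted operation all mean deny."""
    return operation in ACL.get(asset, {}).get(identity, set())


def record(identity: str, asset: str, operation: str, outcome: str) -> dict:
    """Accountability: every attempt is attributed to an identity. Failed
    identification is logged under the name that was claimed."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "identity": identity,
        "asset": asset,
        "operation": operation,
        "outcome": outcome,
    }
    AUDIT_LOG.append(entry)
    return entry


def access(claimed: str, pin: str, asset: str, operation: str) -> str:
    """Run the whole chain and return the outcome; every branch is logged."""
    identity = identify(claimed)
    if identity is None:
        return record(claimed, asset, operation, "unknown-identity")["outcome"]
    if not authenticate(identity, pin):
        return record(identity, asset, operation, "authentication-failed")["outcome"]
    if not authorize(identity, asset, operation):
        return record(identity, asset, operation, "denied")["outcome"]
    return record(identity, asset, operation, "allowed")["outcome"]


def audit_trail(identity: str) -> list:
    """Everything attributed to one identity, which is what an audit asks for."""
    return [e for e in AUDIT_LOG if e["identity"] == identity]


if __name__ == "__main__":
    for args in [("alice", "2468", "patients.db", "write"),
                 ("bob", "1357", "patients.db", "write"),
                 ("bob", "0000", "patients.db", "read"),
                 ("mallory", "2468", "payroll.db", "read")]:
        print(args, "->", access(*args))
```

Note the ordering: authorization is never consulted before authentication succeeds, and the log entry is written on every path, so a failed login attempt leaves the same kind of trace as a successful access.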
Privacy: information will be used only in ways approved by the person who provided it.
Privacy violation examples
Today it is possible to collect and combine personal information from several different sources, known as information aggregation, which has resulted in databases containing data that could be used in ways the original data owner never agreed to or even knows about.
Information aggregation is pieces of non-private data that, when combined, may create information that violates privacy.
Information aggregation is not the same as aggregate information.
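The following is an added example, not code from the original notes, of the information aggregation just defined: two sources that are each non-private on their own (a clinic dataset released without names, and a public roster with names but nothing medical) are combined on the attributes they share, and the unique matches link a named person to a diagnosis. All records are constructed and describe no real person.

```python
# Constructed records for illustration; no real people or organizations.
# Source A: a clinic dataset released "de-identified" (names removed), still
# carrying non-private attributes such as ZIP code and date of birth.
CLINIC_RECORDS = [
    {"zip": "02139", "birth": "1970-03-14", "diagnosis": "asthma"},
    {"zip": "02139", "birth": "1985-11-02", "diagnosis": "diabetes"},
    {"zip": "10001", "birth": "1970-03-14", "diagnosis": "hypertension"},
]

# Source B: a public membership roster with names but nothing medical.
PUBLIC_ROSTER = [
    {"name": "A. Jones", "zip": "02139", "birth": "1970-03-14"},
    {"name": "B. Smith", "zip": "02139", "birth": "1985-11-02"},
    {"name": "C. Lee", "zip": "02139", "birth": "1992-06-30"},
]

JOIN_KEYS = ("zip", "birth")


def aggregate(source_a, source_b, keys=JOIN_KEYS):
    """Combine two sources on the attributes they share.

    Only records with exactly one counterpart are joined: a unique match is
    what turns an anonymous row into a statement about a named person.
    """
    index = {}
    for rec in source_b:
        index.setdefault(tuple(rec[k] for k in keys), []).append(rec)
    combined = []
    for rec in source_a:
        matches = index.get(tuple(rec[k] for k in keys), [])
        if len(matches) == 1:
            combined.append({**matches[0], **rec})
    return combined


def reveals_private_fact(records, identifier="name", sensitive="diagnosis"):
    """True if any record links an identifier to a sensitive attribute."""
    return any(identifier in r and sensitive in r for r in records)


if __name__ == "__main__":
    # Neither source alone links a name to a diagnosis; the combination does.
    print(reveals_private_fact(CLINIC_RECORDS), reveals_private_fact(PUBLIC_ROSTER))
    for row in aggregate(CLINIC_RECORDS, PUBLIC_ROSTER):
        print(row)
```

The third clinic record has no counterpart in the roster and stays anonymous, which is why the join keeps only unique matches: the privacy violation comes from the records that can be pinned to exactly one person.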