




























































































INFORMATION ASSURANCE AND SECURITY BY FARIS A. FEB 2020
The first dimension of the cybersecurity cube identifies the goals to protect the cyber world. The goals identified in the first dimension are the foundational principles of the cybersecurity world. These three principles are confidentiality, integrity, and availability. The principles provide focus and enable cybersecurity specialists to prioritize actions in protecting the cyber world. Use the acronym CIA to remember these three principles.
The Three Dimensions (Cont.)
The third dimension of the cybersecurity sorcery cube defines the types of powers used to protect the cyber world. The sorcery cube identifies the three types of powers:
Technologies - devices and products available to protect information systems and fend off cyber criminals.
Policies and Practices - procedures and guidelines that enable the citizens of the cyber world to stay safe and follow good practices.
People - aware and knowledgeable about their world and the dangers that threaten their world.
The CIA Triad
1. Confidentiality
Confidentiality prevents the disclosure of information to unauthorized people, resources and processes. Another term for confidentiality is privacy. Organizations need to train employees about best practices in safeguarding sensitive information to protect themselves and the organization from attacks. Methods used to ensure confidentiality include data encryption, authentication, and access control.
The CIA Triad |Confidentiality (cont.)
Protecting Data Privacy
Organizations collect a large amount of data, and much of this data is not sensitive because it is publicly available, like names and telephone numbers. Other data collected, though, is sensitive. Sensitive information is data protected from unauthorized access to safeguard an individual or an organization.
The CIA Triad |Confidentiality (cont.)
Data confidentiality ensures privacy so that only the receiver can read the message. Encryption is the process of scrambling data so that it cannot be read by unauthorized parties. Readable data is called plaintext, or cleartext. Encrypted data is called ciphertext. A key is required to encrypt and decrypt a message. The key is the link between the plaintext and ciphertext.
The CIA Triad |Confidentiality (cont.)
Controlling Access
Access control defines a number of protection schemes that prevent unauthorized access to a computer, network, database, or other data resources. The concepts of AAA involve three security services: Authentication, Authorization and Accounting.
The CIA Triad |Confidentiality |Authentication
Authentication guarantees that the message is not a forgery and does actually come from who it states it comes from. Authentication is similar to a secure PIN for banking at an ATM. The PIN should only be known to the user and the financial institution. The PIN is a shared secret that helps protect against forgeries.
Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified. This means that a sender or device cannot deny having been the source of that message. It cannot repudiate, or refute, the validity of a message sent.
The CIA Triad (cont.)
2. Integrity
Integrity is the accuracy, consistency, and trustworthiness of data during its entire life cycle. Another term for integrity is quality. Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.
The CIA Triad |Integrity (cont.)
Need for Data Integrity
The need for data integrity varies based on how an organization uses data. For example, Facebook does not verify the data that a user posts in a profile. A bank or financial organization assigns a higher importance to data integrity than Facebook does. Transactions and customer accounts must be accurate. Protecting data integrity is a constant challenge for most organizations. Loss of data integrity can render entire data resources unreliable or unusable.
The CIA Triad |Integrity (cont.)
Integrity Checks
An integrity check is a way to measure the consistency of a collection of data (a file, a picture, or a record). The integrity check performs a process called a hash function to take a snapshot of data at an instant in time.
Digital Signature
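The integrity check described above (a hash snapshot of a collection of data), as an added example that is not part of the original lecture notes. It goes one step further than the slide by sealing the stored snapshot with a shared secret, the idea from the authentication slide, so that someone who alters a record cannot also rewrite its stored hash unnoticed. The record names, contents and key are constructed for illustration.

```python
import hashlib
import hmac
import json

def snapshot(records):
    """Hash each item (name -> bytes) to record its state at this instant."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in records.items()}

def seal(baseline, key):
    """HMAC over the canonical JSON of the baseline, keyed with a shared secret."""
    canonical = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def check(records, baseline, tag, key):
    """Compare current data with a sealed baseline and report what changed."""
    # A tampered baseline must be rejected before it is trusted for comparison.
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline failed authentication")
    current = snapshot(records)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "removed": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }

# Constructed sample data: three records as they looked when the snapshot was taken.
KEY = b"constructed-demo-secret"  # assumption: known only to the party doing the check
ORIGINAL = {
    "account-1001": b"balance=2500.00",
    "account-1002": b"balance=90.10",
    "policy.txt": b"transfers over 1000 need approval",
}

def demo():
    baseline = snapshot(ORIGINAL)
    tag = seal(baseline, KEY)
    # Later state: one balance altered, one record deleted, one record added.
    later = dict(ORIGINAL)
    later["account-1001"] = b"balance=9500.00"
    del later["policy.txt"]
    later["account-1003"] = b"balance=10.00"
    report = check(later, baseline, tag, KEY)
    # Rewriting the stored hash to match the altered record breaks the seal.
    forged = {**baseline, "account-1001": snapshot(later)["account-1001"]}
    try:
        check(later, forged, tag, KEY)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return report, forged_accepted
```

Anyone who holds the shared key can produce a valid seal, so this authenticates the snapshot but does not give nonrepudiation.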