The Role of CIA

The three fundamental principles on which security is built are known together as the CIA triad (see Figure 3.1). You will see these concepts presented throughout this book.

  • Confidentiality The concept of keeping private information away from individuals who should not have access. Any time there is an unintentional release of information, confidentiality is lost. As an example, if Black Hat Bob can intercept an email between the CEO and the CIO and learn their latest plans, confidentiality has been broken and there is a lapse of security. Other attacks on confidentiality include sniffing, keystroke monitoring, and shoulder surfing.
  • Integrity The concept of integrity means that data is consistent and that it hasn't been modified. Such modification can result from access by an authorized or unauthorized individual or process. Integrity controls must also protect data from modification while it is in storage or in transit. For example, if I could access my bank account and change the bank balance by adding a few zeroes . . . well, that's not such a big deal to me, but the bank might not be happy because they would suffer a serious lapse of integrity.
  • Availability The concept of availability is pretty straightforward. You should have reliable and timely access to the data and resources you are authorized to use. A good example of a loss of availability is a DoS attack. No, it doesn't give the perpetrator access, but it does prevent legitimate users from using the resource.

Figure 3.1. CIA security triad.

Which one of these three is most important? Well, that depends. They are all important, but organizations are unique. Different elements of the CIA triad will take the lead in different companies. For example, your local bank might consider integrity the most important, but an organization that does data processing might see availability as the primary concern.

CISSP Exam Cram 2
ISBN: 078973446X
Year: 2003
Pages: 204
Authors: Michael Gregg