Cia confidentiality, integrity, and availability
tải về 367.63 Kb. Chế độ xem pdf
|
| OBJECTIVES • Explain and discuss the 3 pillars of the CIA triad • Give examples of each of the 3 pillars WHY THE CIA TRIAD? • Information security can really boil down to 3 key components. • If any one of the 3 pillars breaks, we are not secure • All parts must remain intact FIPS 199 • U.S. federal government special publication that outlines the standards for security categorization of Federal Information and Information Systems • Breaks down categorization of information • Based off FISMA compliance – Federal Information Security Modernization Act CONFIDENTIALITY • Definition according to Title 44 of the U.S. Code: “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information” • How it applies according to FIPS 199: “A loss of confidentiality is the unauthorized disclosure of information” • Brief Explanation: The ability to keep things secret • Examples: Encryption, Passwords, Access Control Lists INTEGRITY • Definition according to Title 44 of the U.S. Code: “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity” • How it applies according to FIPS 199: A loss of integrity is the unauthorized modification or destruction of information • Brief Explanation: The ability to ensure information remains the same and original from the source • Examples: Hashing, checksums AVAILABILITY • Definition according to Title 44 of the U.S. Code: “Ensuring timely and reliable access to and use of information” • How it applies according to FIPS 199: A loss of availability is the disruption of access to or use of information or an information system. • Brief Explanation: The ability to ensure systems remain available and functioning • Examples: Using load balancers, RAID, server clustering EXAMPLES OF FAILURES • Confidentiality – You name the latest breach – they are everywhere. Target, Home Depot, Heartland breaches • Integrity – phpMyAdmin attack of 2012 • Availability – Large scale DDoS attacks such as Mirai botnet CONCLUSION • Users and admins should always consider the CIA triad in any point in the system lifecycle • It’s up to the administrator to make sure they are ensuring security is built in! tải về 367.63 Kb. Chia sẻ với bạn bè của bạn:
|