Cyber security principles
Three of the most well-known cyber security principles are
confidentiality
integrity
availability.
These are often referred to as the CIA triad.
Confidentiality is about keeping information secret from those who are not allowed to access it. Access-management measures such as authentication are one example of a control that protects confidentiality; encryption of data is another.
Integrity should guard against improper modification or destruction of information. For example, to be certain that an email is not modified in transit, we can protect its integrity with a digital signature. Note that many emails today are still sent unsigned, which increases the risk of undetected modification.
Availability measures should ensure that information is accessible in a timely and reliable way. Some information may require an availability (uptime) of 99.97%. Reaching an availability of 100% is nearly impossible. Even Google doesn't, as you can read here in the extract copied from their FAQ.
Authenticity relates to the fact that the receiver can be certain the message was sent by a specific sender, and not by some random attacker.
Non-repudiation is stronger since even third parties can be convinced that the information came from that sender. Should things go to court, the sender will have a hard time denying having sent the message.
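The difference between integrity, authenticity and non-repudiation described above, as an added example that is not part of the course material. It assumes Ed25519 as the signature scheme and HMAC-SHA256 as the shared-key alternative; the email body and the key names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedMail pairs an email body with the sender's Ed25519 signature over it.
type SignedMail struct {
	Body      []byte
	Signature []byte
}

// Sign produces the signature that protects the body's integrity in transit.
func Sign(priv ed25519.PrivateKey, body []byte) SignedMail {
	return SignedMail{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Verify lets the receiver, or any third party holding the sender's public key,
// confirm the body is unmodified and was signed by that key (non-repudiation).
func Verify(pub ed25519.PublicKey, m SignedMail) bool {
	return ed25519.Verify(pub, m.Body, m.Signature)
}

// MacTag is the shared-key alternative: it gives integrity and authenticity
// between the two key holders, but either of them could have produced the tag,
// so a third party cannot tell who did; it gives no non-repudiation.
func MacTag(key, body []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(body)
	return h.Sum(nil)
}

// MacVerify checks a tag in constant time.
func MacVerify(key, body, tag []byte) bool {
	return hmac.Equal(MacTag(key, body), tag)
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader) // constructed sender
	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)         // some other party
	m := Sign(alicePriv, []byte("Pay 100 EUR to account 42")) // constructed body
	fmt.Println("intact, Alice's key :", Verify(alicePub, m)) // true
	tampered := SignedMail{Body: []byte("Pay 900 EUR to account 42"), Signature: m.Signature}
	fmt.Println("modified in transit :", Verify(alicePub, tampered)) // false: integrity
	fmt.Println("wrong sender key    :", Verify(otherPub, m))        // false: authenticity
}
```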
While not part of the course contents, it may be interesting to know that several lists of principles exist, of which the CIA triad is simply the most well-known. Another well-known list is the set of design principles of Saltzer & Schroeder: http://web.mit.edu/Saltzer/www/publications/protection/Basic.html