Cyber security principles

Last updated 3 years ago

Three of the most well-known cyber security principles are

  • confidentiality
  • integrity
  • availability

These are often referred to as the CIA triad.

Confidentiality

Confidentiality is about keeping information secret from those who are not allowed to access it. Access management measures such as authentication are examples of implementation measures aimed at protecting confidentiality. Encryption of data is another example.

Integrity

Integrity measures should guard against improper modification or destruction of information. For example, to be certain that an email is not modified in transit, we could protect its integrity by means of a digital signature. Note that many emails these days are still sent unsigned, which increases the risk of improper modification going unnoticed.

Availability

Availability measures should ensure that information is accessible in a timely and reliable way. Some information may need an availability (uptime) of 99.97%. Reaching an availability of 100% is nearly impossible. Even Google doesn't, as you can read in the extract copied from their .

Two other principles that you will often encounter

Authenticity

Authenticity relates to the fact that the receiver can be certain the message was sent by a specific sender, and not by some random attacker.

Non-repudiation

Non-repudiation is stronger since even third parties can be convinced that the information came from that sender. Should things go to court, the sender will have a hard time denying having sent the message.
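The integrity, authenticity and non-repudiation paragraphs above can be made concrete with a short experiment. The following Python is an added example written for this page, not part of the course material. It contrasts a message authentication code (HMAC, a key shared by sender and receiver) with a digital signature (a toy RSA key pair). Both detect modification in transit (integrity) and convince the receiver who sent the message (authenticity), but only the signature lets a third party check the sender's claim, because the receiver holds the shared MAC key and could have produced the tag itself (non-repudiation). The RSA primes, the shared key and the messages are constructed sample values; the primes are far too small for real use and exist only so the example runs instantly.

```python
import hashlib
import hmac

# --- Toy RSA signature key (CONSTRUCTED, far too small for real use) ---
# Two well-known primes chosen only so the example runs instantly.
_P, _Q = 1_000_000_007, 998_244_353
RSA_N = _P * _Q                      # public modulus
RSA_E = 65537                        # public exponent
_PHI = (_P - 1) * (_Q - 1)
RSA_D = pow(RSA_E, -1, _PHI)         # private exponent (needs Python 3.8+)

# Secret shared by sender and receiver for the MAC (constructed sample value).
SHARED_KEY = b"sender-and-receiver-shared-key"


def digest_int(message: bytes) -> int:
    """SHA-256 of the message, reduced into the modulus range (toy hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % RSA_N


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: anyone who holds `key` can both compute and verify it."""
    return hmac.new(key, message, "sha256").hexdigest()


def mac_verify(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking where the comparison fails via timing
    return hmac.compare_digest(mac_tag(key, message), tag)


def rsa_sign(message: bytes) -> int:
    """Signature over the message digest; requires the private exponent RSA_D."""
    return pow(digest_int(message), RSA_D, RSA_N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """Verification needs only the public pair (RSA_N, RSA_E), so a third party
    such as a court can run it without any secret from sender or receiver."""
    return pow(signature, RSA_E, RSA_N) == digest_int(message)


def integrity_demo() -> dict:
    """Integrity: a single changed character in transit invalidates both MAC and signature."""
    original = b"Transfer 100 EUR to account 123"
    tampered = b"Transfer 900 EUR to account 123"  # modified by an attacker in transit
    sig = rsa_sign(original)
    tag = mac_tag(SHARED_KEY, original)
    return {
        "signature_valid_on_original": rsa_verify(original, sig),
        "signature_valid_on_tampered": rsa_verify(tampered, sig),
        "mac_valid_on_original": mac_verify(SHARED_KEY, original, tag),
        "mac_valid_on_tampered": mac_verify(SHARED_KEY, tampered, tag),
    }


def repudiation_demo() -> dict:
    """Authenticity vs non-repudiation.

    The receiver also holds SHARED_KEY, so it can produce a valid tag for a
    message the sender never wrote; a third party cannot tell who made the tag.
    It cannot do the same with a signature, because it lacks RSA_D."""
    forged = b"I agree to pay 1,000,000 EUR"
    receiver_made_tag = mac_tag(SHARED_KEY, forged)
    # Without the private key the receiver can only guess a signature value.
    receiver_guessed_sig = 12345
    return {
        "receiver_can_forge_mac": mac_verify(SHARED_KEY, forged, receiver_made_tag),
        "receiver_can_forge_signature": rsa_verify(forged, receiver_guessed_sig),
    }


if __name__ == "__main__":
    print(integrity_demo())
    print(repudiation_demo())
```

In `integrity_demo` both mechanisms reject the tampered message, which is the integrity property. In `repudiation_demo` the receiver produces a MAC tag that verifies perfectly, so a MAC proves to the receiver that a key holder sent the message (authenticity) but proves nothing to anyone else; the signature cannot be forged without the private key, which is what lets the sender be held to it.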

While not part of the course contents, it may be interesting to know that several lists of principles exist, of which the CIA triad is simply the most well-known. Another well-known list is the set of design principles by Saltzer & Schroeder: http://web.mit.edu/Saltzer/www/publications/protection/Basic.html
