Information Security Basics Part-1

Basics about Information Security

INFOSEC BASICS

Jayesh

3/29/2024

Information Security Basics - Day 1

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) defines information security as: Preservation of confidentiality, integrity, and availability of information. This includes ensuring that information is not modified, destroyed, or accessed by unauthorised individuals.

The three major components of information security are:

  • Confidentiality

  • Integrity

  • Availability

Together, these 3 components make up the CIA Triad. In short,

  • Confidentiality ensures that information is accessible only to those who are authorised to access it.

  • Integrity ensures that data remains accurate and trustworthy throughout its lifecycle, safeguarding against unauthorised changes.

  • Availability ensures that data and services are accessible and usable when needed, safeguarding against disruptions or downtime.

As information security professionals, we should always strive for the most optimal combination of these 3 components.

Now we will take a look at confidentiality first:

As per NIST, confidentiality refers to the aspect of information security in which "data or information is not made available or disclosed to unauthorised individuals, entities, or processes." This means that sensitive information has to be protected from unauthorised access, disclosure, alteration, or destruction.

Confidentiality countermeasures are implemented through various security controls, such as encryption, access controls, authentication procedures, data classification, etc.

Attacks against confidentiality:

1. Intentional attacks: data breaches, phishing attempts, malware, and physical security attacks.

2. Unintentional attacks: Sometimes attacks are the result of human error, oversight, or incompetence, which may result in a violation.

Ideally, we want to implement controls that have the best combination of all 3 aspects of the CIA Triad.

Remember, too much confidentiality will result in a loss of availability.