Time
5 hours 49 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:00
Welcome to the CIA module of the IT Security course. My name is Alejandro Guinea. I'll be your instructor for today's session.
00:10
Some learning objectives: to understand and be able to identify when to use the following three pillars of information security: confidentiality, integrity and availability.
00:26
Well, uh, these are the three pillars of information security. Overall, confidentiality is that the information should be seen only by the people who are authorized to see it.
00:39
Oftentimes, people confuse confidentiality with nobody seeing the information. But that's not true. Confidentiality is that the right people should be able to see the information. That's confidentiality. For example, cryptography:
00:58
applying the principle of cryptography
01:00
is to, you know, for example, you have the word "Hello".
01:07
And you want to send that on to a friend, so they will have to encrypt that somehow with a key,
01:15
you know, key and algorithm.
01:22
And you know that will give you, you know, encrypted information. I don't know.
01:27
And then you will send that to your friend, and your friend will receive that and will have to pass it through a key and an algorithm as well. And then he will
01:38
get the word "Hello".
01:42
Now, the point is to, you know, this
01:47
this no one here is the internet. And the point is to, you know,
01:52
keep the confidentiality through the path of the Internet. So anybody trying to access it right here, for example,
02:00
you know, a man-in-the-middle attack, for example,
02:04
uh, will not be able to identify or see the information itself.
02:08
Uh, then we have integrity, which is basically to, um
02:15
make sure the message is the same or is changed in a controlled way. People also oftentimes confuse integrity with the information not changing. And that's not true. Information should change; the information is dynamic. So let's say the example "Hello".
02:36
You know, we're focusing right now on integrity, not confidentiality. So you can actually pass this to an algorithm,
02:46
a hash algorithm. And then you get, I don't know, uh, a hashed word, you know, a key, uh, whatever.
02:54
And then you can actually send both of this information to a friend,
03:00
both of them. So the friend will have the clear-text message, which is "Hello".
03:07
And you will also, you know, get the hash of the message. So the point right here is that your friend or, you know, a third party will have to pass this, um,
03:21
"Hello" through the exact same
03:24
algorithm, which is right here, and it will have to give them the exact same hash. That way, you can, you know,
03:31
be able to identify that the message hasn't changed.
03:37
That's integrity. Remember, we're not looking for any type of,
03:42
um, confidentiality. And availability is how it sounds. The correct information, and when I said the correct, you know, that is changed in a controlled way, needs to be able to, you know, be prepared or be ready for the right people at the right time. That's about it, really.
04:00
This?
04:01
No, not much to say about that.
04:03
Ah,
04:04
Now, uh, some key concepts, uh,
04:09
of cryptography: for example, digital signatures. Digital signatures, people often confuse them with confidentiality, and digital signatures do not provide confidentiality. They provide integrity.
04:26
But it also provides another important point, which is, you know, some books are actually adding a new pillar
04:32
to the three pillars of information security, which is non-repudiation.
04:38
Um, which is basically let me write it right here.
04:43
Non
04:45
repudiation.
04:48
Uh, which is basically to,
04:53
you will not be able to deny that you did something like, for example, send a message or write a document or, you know, create anything
05:02
because you actually used something personal to you, in this case, your private key. We will, you know, develop all these concepts later in the course, on the cryptography modules.
05:15
But non-repudiation is that you cannot deny doing something: sending a message, sending an email, writing a document, because you used something personal that only you know, only you have, to actually sign that. But, you know, remember, uh, digital signatures do not provide confidentiality.
05:34
And another key
05:36
point to remember is that hashes do not use a key.
05:42
They use an algorithm, but they do not use a key. Because at the end, in this, you know, you're right here
05:50
and your friend is right here. None of you have a key, so you will have to use an algorithm, for example, SHA, which is an algorithm, an integrity algorithm,
06:02
um, to pass the same message
06:06
one another, and you will have to, you know, get the same results. So integrity does not use a key. Um, and that's basically,
06:17
um,
06:19
you know, are digital signatures used to provide confidentiality? Well, no, they are used to provide integrity and non-repudiation, as we said before.
06:30
What's the key size in the SHA-256 hash algorithm? Well, that's a tricky question, because, as I said before, hash algorithms do not use a key. They use algorithms per se, which is, you know, SHA-256, for example. But they do not use a key.
06:46
And what's the other pillar, being in some books? Well, non-repudiation. This is the fourth pillar, which is basically that you cannot deny doing something, for example, sending an email or writing a book, whatever, because you used something personal to, say, or to sign
07:06
that document or Dr War. That message.
07:12
Uh, in today's brief lecture, we discussed the three information security pillars and mentioned the proper usage of each of the following concepts:
07:21
confidentiality, integrity, availability and non-repudiation.
07:28
Supplemental materials: I recommend you read the FIPS standard.
07:34
Um, we use that standard to, you know, be able to, to,
07:41
Yeah. I don't create a good, uh
07:44
um
07:45
cryptography program, you can say, because you will be using, you know, some good practices. Like, uh, you can avoid using deprecated algorithms or deprecated key sizes. Um, I don't know, you can start building your cryptography program
08:03
or your PKI, as we will understand later in this course.
08:09
Looking forward, in the next video we'll cover the main concepts of the LC model and how it is related to information security.
08:18
Well, that's it for today's lesson. Everybody thank you for watching.

Instructed By

Alejandro Guinea
CERT Regional Director
Instructor