System Security Principles


Difficulty
Intermediate
Video Transcription
00:00
>> Welcome back to Cybrary.
00:00
Yes of course, I'm your instructor Brad Rhodes.
00:00
We're going to jump into system security principles,
00:00
and I bet you can guess what they are.
00:00
In this lesson we're going to talk about
00:00
confidentiality, integrity, and availability.
00:00
Confidentiality: the first leg of the CIA triad,
00:00
and this is pretty straightforward.
00:00
This is how we ensure that only folks
00:00
that need access to assets,
00:00
and I'm going to use that term generally.
00:00
Assets could be systems,
00:00
software, hardware, data, yada, yada, all that stuff.
00:00
We want to make sure that folks that are
00:00
authorized have the access they need.
00:00
Pretty straightforward. The second side
00:00
of that is to make sure that those
00:00
who are not authorized
00:00
don't get access. Pretty straightforward.
00:00
Really remember this,
00:00
confidentiality is about authorization.
00:00
Next one, integrity in the CIA triad.
00:00
This is really to ensure that
00:00
our data isn't being messed
00:00
with and that we can trust it.
00:00
We make sure that it's correct and ultimately reliable.
00:00
In integrity, we're looking at protecting data at
00:00
rest and data in transit, very important here.
00:00
Also, the other piece of integrity
00:00
is that non-repudiation thing.
00:00
We want to be able to show via logs or
00:00
some other means that if someone has access to
00:00
the data who it was and be able to
00:00
attribute that to them so that
00:00
they can't say they didn't access it.
00:00
Finally, availability.
00:00
This one's pretty straightforward.
00:00
Availability means that I can get access to my assets,
00:00
the data systems, etc.,
00:00
that I need to or whenever and wherever I need to.
00:00
When you think about the commercial space
00:00
they're most concerned about availability.
00:00
If you're an e-commerce provider,
00:00
and you don't have reliable access
00:00
to your e-commerce site, guess what?
00:00
You're not making money, and
00:00
therefore you're probably going to go out of business.
00:00
Whereas when we think about the government,
00:00
they are very much concerned about
00:00
confidentiality and integrity, so it's a balance,
00:00
and when you think of the CIA triad
00:00
don't think of it as just one thing or the other.
00:00
It's actually a balance,
00:00
and it also varies depending on
00:00
the organization that you work for or support.
00:00
In this lesson, we
00:00
reviewed the CIA triad: the confidentiality,
00:00
integrity, and availability that we see across
00:00
many fields and information and
00:00
cybersecurity. We'll see you next time.