The Pillars of Cybersecurity Part 1

Time
3 hours 20 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:06
Hey, guys, my name is Peter. Sip alone and welcome to module two of the network security beginner's course.
00:13
This is module two, lesson one.
00:17
So
00:18
because it's before we take this video, really just go back to Module One and check out the introduction video. This introduction video really explains how the course is laid out, how the videos are laid out, and different information that would be helpful for you
00:35
in this video.
00:37
So learning objectives for this video. Well, we're going to start off at the core section of the network security informational pyramid. So this section we're gonna learn really about, you know, IT basic cybersecurity principles and very important knowledge and how everything
00:57
related to cybersecurity
00:59
can be traced back to its core foundation and principles. So in this video, specifically, we're going to focus on the CIA and DAD triangles.
01:10
We're gonna look at non-repudiation, and we're also going to look at identification,
01:17
authentication and authorization.
01:21
So let's start out with CIA triangle.
01:25
CIA triangle is the most basic fundamental aspect of cybersecurity. It's composed of three points, or sometimes referred to as the pillars, three pillars of cybersecurity. And they are confidentiality,
01:40
integrity
01:42
and availability.
01:44
These three pillars or, you know, points are the most fundamental aspect of cybersecurity. Everything you do in cyber security, network security, any type of security will always come back to confidentiality, integrity
02:00
and availability.
02:04
Now CIA triangle also has an arch nemesis, the DAD triangle, D-A-D triangle. The DAD triangle stands for disclosure,
02:15
alteration and denial.
02:19
Now, with the CIA and the DAD triangle, the two points go together and they are mutually exclusive. So when you have the two triangles together, right, you either have confidentiality or you have disclosure.
02:35
You either have integrity or you have
02:38
alteration.
02:39
You either have availability or denial,
02:45
So each point of the CIA triangle corresponds to each point on the DAD triangle, and once again they are mutually exclusive. You cannot have both. At the same time, you either have one or you either have the other. And this is really how cybersecurity
03:02
is set up. This is the very basic foundation of cyber security. We want the CIA points. We do not want
03:10
the DAD points.
03:14
So some very important cybersecurity principles. The first is non-repudiation. This means you are not able to deny having sent a message.
03:24
So if something happens, you should always be able to point back and say, this person sent it, and this person will not be able to deny that they performed this action. You want non-repudiation because
03:37
it leads to integrity. It shows who sent it. There's no confusion as to what's going on.
03:45
Now, I'm using the example of sending it as like messages, but it can really be any type of security action or even any action in general.
03:53
The second very important cybersecurity principle is access control.
03:59
Access control defines the degree of permission granted to a resource.
04:03
Access control is really broken up into three different subcategories: identification,
04:11
authentication and authorization. We're going to take a quick we're gonna take a deeper dive into these three categories,
04:20
So, access control. The first one is identification.
04:25
Who is the subject? And basically, with this part of access control, you are asserting who you are. You are making a claim, you're putting your stake in the ground and saying, this is who I am.
04:38
The second part is the authentication,
04:41
which is the proof of identity. This is the process of verification in which the subject proves they are who they say they are.
04:50
The third part is authorization.
04:55
What can be accessed after authentication? Just because someone is authenticated to access either like a resource or a computer or even going into a part of the building, right? Just because they're allowed in doesn't mean they have access to everything. So authorization is what the person
05:14
is authorized to look at, to get into. What would they have access to after they've been authenticated?
05:19
So for a quick example of this, we have this little arrow here with the three steps. The first step is the identification: that I am Peter and I am over 21.
05:30
I'm asserting who I am.
05:32
The second step is the authentication.
05:35
All right, I, Peter, display my driver's license, right? The driver's license has my birthdate on it and my name and all my other information. So it shows that yes, I'm Peter, and yes, I am over 21 years old, right? This is the authentication. This is the process of verification.
05:54
The third part is the authorization.
05:56
What gives access after I have been authenticated.
05:59
Right. So if I'm at the front of the club, show my driver's license to the bouncer at the front door, Driver Barta, the bouncer says, "Okay. Yep. You're 21 on it." So at that point, I get access to some of the club, but not all of the club.
06:16
Obviously, I might have access to the club, but I might not have access to the VIP section.
06:21
I might not have access to, you know, the kitchen or, you know, behind the bar or anywhere like that. So just because I get access to something does not mean I get full access to that. The amount of access gets determined in authorization.