The purpose of cybersecurity is to protect information from theft, compromise, and attack. Cybersecurity can be measured by at least one of the following three cybersecurity goals:
- Confidential data protection.
- Preserve the integrity of the data.
- Encourage the availability of data to those who are allowed.
The cybersecurity goals are the confidentiality, integrity, and availability (CIA) triad, which is the foundation of every security program. The CIA Triad is a security model designed to guide information security policies across an organization or corporate campus. This model is also known as the AIC (Availability, Integrity, Confidentiality) triad to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered to be the three most important elements of security.
CIA standards are the standards that most organizations and businesses use when installing new applications, creating databases, or ensuring access to certain data. All these security features should be enabled to keep your data completely safe. All of these security policies work together, so ignoring any one policy could be a mistake.
What have the cybersecurity goals (the CIA) tried?
1. Confidentiality
Confidentiality is roughly equivalent to privacy and protects against unauthorized disclosure of information. This includes data security, providing access to the data only to those authorized to view it, and preventing others from learning about its contents. Prevent important information from reaching the wrong people, and ensure it reaches the right people. Data encryption is a good example of ensuring privacy.
Tools for Confidentiality
Encryption
Encryption is a method of using algorithms to transform information so that it cannot be read by unauthorized users. A private key (encryption key) is used to transform the data, so the transformed data can only be read using another private key (decryption key). Protect sensitive data such as credit card numbers by encoding the data into unreadable cipher text. This encrypted data can only be read by decrypting it. Asymmetric key and symmetric key are the two main types of encryption.
Access control
Access control defines rules and policies to restrict access to systems or physical or virtual resources. It is the process of granting users access and specific privileges to systems, resources, or information. Access control systems require users to present credentials, such as a person’s name or computer serial number, before they are granted access. On physical systems, these credentials can come in a variety of formats, but credentials that cannot be transferred provide the highest security.
Authentication
Authentication is the process of ensuring and confirming a user’s identity or role. This can be done in a number of ways, but is usually based on a combination of:
- Something the person has (such as a smart card or wireless key to store the private key);
- Something the person knows (such as a password),
- Something that is a person (such as a person with fingerprints).
Authentication is essential for all organizations as it helps keep the network secure by allowing only authenticated users to access protected resources. These resources may include computer systems, networks, databases, websites, and other network-based applications and services.
Authorization
Authorization is a security mechanism that gives permission to do something. It is used to determine which individuals or systems are allowed to access resources such as computer programs, files, services, data, and application functionality based on access control policies. This typically occurs before authentication to verify the user’s identity. System administrators are typically assigned a privilege level that covers all system and user resources. During authorization, the system validates the access rules of the authenticated user and grants or denies access to the resource.
Physical Security
Physical security refers to measures designed to prevent damage to IT assets such as facilities, equipment, personnel, resources, and other assets by unauthorized access. Protect these assets from physical threats such as theft, vandalism, fire, and natural disasters.
Also, you should know more about cybersecurity:
2. Integrity
Integrity refers to how you ensure that data is authentic, accurate, and protected from unauthorized changes by users. The nature of the information is that it has not been altered in any unauthorized manner and the source is authentic.
Tools for Integrity
Backups
Backup is the periodic collection of data. It is the process of creating a copy of data or data files for use in case the original data or data files are lost or destroyed. It is also used to make copies for historical purposes such as long-term research, statistics, historical records, and to meet data retention policy requirements. Many applications, especially in Windows environments, create backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or data transfer. In other words, it is a function calculation that maps the contents of a file to a number. These are typically used to compare two data sets to ensure that they are similar. Checksum functions depend on the entire contents of the file. It is designed so that small changes to the input file (such as flipping a single bit) are likely to result in different output values.
Data Correcting Codes
It is a way of storing data in such a way that small changes can be easily detected and automatically corrected.
3. Availability
Availability refers to the ability of authorized individuals to access and change information in a timely manner. This ensures reliable and continuous access to our sensitive data by authorized personnel.
Tools for Availability
- Physical Protections
- Computational Redundancies
Physical Protections
Physical security means keeping information available even in the event of physical problems. This ensures that confidential information and critical information technology are kept in a secure area.
follow me : Twitter, Facebook, LinkedIn, Instagram
4 thoughts on “Cybersecurity Goals: 3 major objectives of cybersecurity”
Comments are closed.