From the course: Ethical Hacking: Introduction to Ethical Hacking
Recognizing elements of information security
From the course: Ethical Hacking: Introduction to Ethical Hacking
Recognizing elements of information security
- [Instructor] To protect an organization's digital assets, there are several services required. In this segment, we'll review the concept of ensuring confidentiality, integrity, and availability of data. One of the basic principles of providing a secure system is to manage risk and protect sensitive information. The goal is to keep data private, unchanged, and available, which is also referred to the CIA Triad, a widely recognized information assurance model. In this graphic, we see how the three concepts overlap and protect data, whether in motion or at rest. We ensure confidentiality, integrity, and availability by using various techniques that include logical controls such as access control lists and intrusion detection systems. In addition, we use various cryptographic techniques such as hashing, digital certificates, and encryption. Examples of sensitive information can include social security numbers, credit card information, or account numbers, or business information such as financial data, employee records, and trade secrets. Let's break down each of these concepts, starting with confidentiality. Confidentiality is the promise of keeping private information private by preventing unauthorized disclosure. One example of a violation of confidentiality would be a malicious actor gaining access to a server and reading government emails. One thing to keep in mind is that it's not always evident that an organization has suffered a data breach. Therefore, individuals and businesses should take steps to ensure confidentiality by allowing only authorized individuals, processes or devices to access the data. In order to protect confidentiality, we use access control, firewalls, and encryption. Integrity ensures data has not been changed, destroyed, or lost in an unauthorized or accidental manner. An example of a violation of integrity would be a student going into the grade book and changing his or her algebra grade from a C to an A. To protect against violations of integrity, monitor the network for unusual or suspicious activity. Strong audit policy should be in place and use software intrusion detection systems such as Tripwire, to monitor checksums for unauthorized changes. In order to protect integrity, we use access control, secure backups and hashing. Availability is where services are accessible and available to authorized users or processes in an information infrastructure. An attack against availability would be a denial of service attack, which sends multiple requests to a system in an effort to interrupt or suspend services to legitimate users. In order to protect availability, use a layered approach that includes backups, failover systems, and disaster recovery plans. Now let's test your knowledge. Review the importance of ensuring data confidentiality, integrity, and availability. You can record your answer on the challenge worksheet.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.