In this lesson, we’ll cover:
-
What is cybersecurity?
-
What is the cybersecurity CIA triad?
-
What are authenticity, nonrepudiation and privacy in the context of cybersecurity?
Cybersecurity, also known as information security, is the practice of protecting computer systems, networks, devices, and data from digital attacks, unauthorized access, damage, or theft. The primary goal of cybersecurity is to ensure the confidentiality, integrity, and availability of digital assets and information. Cybersecurity professionals design and implement security controls to protect assets, data and information. As more and more of our lives have become digitized and online, cybersecurity has become a top concern for both private individuals and organizations.
The cyber security triad refers to the model that incorporates the three main considerations for any cybersecurity work or designing a system/environment:
This is the consideration that most people would be familiar with when they think “cybersecurity”: confidentiality is the process of protecting data and information from unauthorized access attempts i.e. only people who need to see information are able to access it. Not all data is created equal though, and data is usually categorized and protected based on how much damage would occur if it were accessed by the wrong people.
Refers to protecting the accuracy and trustworthiness of data contained within environments and not allowing the data to be altered or amended by unauthorized individuals. e.g. a student amends their date of birth on their driver record at the DMV to make them older so they can get their license reprinted with an earlier date of birth to buy alcohol.
This is a consideration across operational IT, but availability is also important for cybersecurity. There are specific types of attacks that target availability that security professionals must protect against (e.g. distributed denial of service – DDoS – attacks).
Cybersecurity CIA Triad
These are additional important concepts that relate to ensuring the security and trustworthiness of systems and data:
Authenticity - refers to the assurance that the information, communication, or entity you are interacting with is genuine and has not been tampered with or altered by unauthorized parties.
Nonrepudiation - is the concept of ensuring that a party cannot deny their involvement or the authenticity of a transaction or communication. It prevents someone from claiming they didn't send a message or perform a particular action when there is evidence to the contrary.
Privacy - refers to the protection of sensitive and personally identifiable information from unauthorized access, use, disclosure, or manipulation. It involves controlling who has access to personal data and how that data is collected, stored, and shared.
What Is Information Security (InfoSec)? | Microsoft Security