CIAAA: Confidentiality, Integrity, Availability, Authentication and Authorization

The document discusses the key concepts of confidentiality, integrity, availability (CIA), authentication, and authorization as they relate to information security. It defines each concept, provides examples of threats and security controls, and explains that the CIA model forms the basis of protecting critical organizational assets from various risks and vulnerabilities. The document is presented as part of an introduction to these fundamental information security principles.

Uploaded by

Manzu Pokharel

CIAAA

Confidentiality, Integrity, Availability, Authentication and Authorization

Presented by: Januka Kandel
Presented to: Roshan Kandel

Table of contents
• Introduction of CIA
• Confidentiality
• Integrity
• Availability
• Authentication
• Authorization
• Conclusion
• References

CIA
• The CIA Triad or CIA security model
* Stands for Confidentiality, Integrity and Availability.
* An attack against one or several of the elements of the CIA triad is an attack against the information security of the organization.
* Protecting the CIA triad means protecting the assets of the company.

What is Confidentiality? Cont.
• Only authorized users should gain access to information.
• Failing to protect data confidentiality can be disastrous for an organization.
• Information must be protected when it is used, shared, transmitted, and stored.
• Information must be protected from unauthorized users both internally and externally.
• Information must be protected whether it is in digital or paper format.

What is Confidentiality? Cont.
• The threats to confidentiality must be identified.
They include:
- Hackers and hacktivists
- Shoulder surfing
- Lack of shredding of paper documents
- Malicious code (viruses, worms, Trojans)
- Unauthorized employee activity
- Improper access control

Some information security basics to keep data confidential are:
• Encryption
• Password
• Two-factor authentication
• Biometric verification

What is Integrity? Cont.
• Protecting data, processes, or systems from intentional or accidental unauthorized modification
• Integrity involves maintaining the consistency and trustworthiness of data over its entire life cycle.
* Data integrity
* System integrity

What is Integrity? Cont.
• Threats to data integrity include:
- Human error
- Hackers
- Unauthorized user activity
- Improper access control
- Malicious code

Some security controls designed to maintain the integrity of information include:
• Encryption
• User access controls
• Version control
• Backup and recovery procedures
• Error detection software

What is Availability? Cont.
• The assurance that the data and systems are accessible when needed by authorized users.
• A risk assessment should be conducted to more efficiently protect data availability.

What is Availability? Cont.
• Threats to data availability include:
- Natural disaster
- Hardware failures
- Programming errors
- Human errors
- Malicious code
- Temporary or permanent loss of key personnel
- Loss of power

Information security measures for mitigating threats to data availability include:
• Off-site backups
• Disaster recovery
• Redundancy
• Failover
• Proper monitoring
• Environmental controls
• Server clustering
• Continuity of operations planning

Who is Responsible for CIA?
• Information owner
* An official with enacted or operational authority for special information.
* Has the responsibility for ensuring information is protected from creation through destruction.
• Information custodian
* Maintains the systems that store, process, and transmit the information securely.

What is Authentication?
• Authentication is the cornerstone of most network security models.
• It is the positive identification of the person or system seeking access to secured information or a secured system.
• Examples of authentication models:
* User ID and password combination
* Tokens
* Biometric devices

What is Authorization?
• Act of granting users or systems actual access to information resources.
• The level of access may change based on the user's defined level.
• Examples of access level include the following:
* Read only
* Read and write
* Full
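
How the authentication and authorization slides fit together, as an added example that is not part of the original presentation: a user ID and password are verified first, and only then is the user's defined access level compared with what the requested operation needs. The account names, passwords, operation names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from enum import IntEnum

class Access(IntEnum):
    # Access levels from the slide, ordered so a higher level includes the lower ones.
    READ_ONLY = 1
    READ_WRITE = 2
    FULL = 3

# Minimum level each operation needs (operation names are assumptions).
REQUIRED = {"read": Access.READ_ONLY, "write": Access.READ_WRITE, "delete": Access.FULL}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow key derivation; the password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str, level: Access) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "level": level}

# Constructed sample accounts (user IDs and passwords are made up).
USERS = {
    "alice": make_user("correct horse battery", Access.FULL),
    "bob": make_user("s3cond-passphrase", Access.READ_ONLY),
}

def authenticate(user_id: str, password: str) -> bool:
    # Positive identification: the user ID must exist and the password must match.
    record = USERS.get(user_id)
    if record is None:
        return False
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time comparison

def authorize(user_id: str, operation: str) -> bool:
    # Grant access only if the user's defined level covers the operation.
    record = USERS.get(user_id)
    required = REQUIRED.get(operation)
    if record is None or required is None:
        return False  # unknown user or operation: deny by default
    return record["level"] >= required

def request(user_id: str, password: str, operation: str) -> str:
    # Authentication always comes first; authorization is checked only afterwards.
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, operation):
        return "denied: not authorized"
    return "allowed"
```

A read-only user who authenticates correctly is still refused a write, which is the difference between the two concepts: authentication answers who is asking, authorization answers what they may do.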

Conclusion
• The CIA security triad, authentication and authorization are important security concepts because all security controls, mechanisms, and safeguards are implemented to provide one or more of these protection types. All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the CIA triad principles. This triad is the basis for creating a holistic security plan to protect all of our organization’s critical and sensitive assets.

References
• www.difenda.com
• www.veracode.com
• www.brighttalk.com
• www.auth0.com
