Staying Safe In A Digital World
Cyber security introduction + The CIA triad
The internet has become an integral part of everyday life for today’s generation. As internet use grows, protecting important information has become a necessity. People are aware that failing to do so can pose a threat to their very existence in today’s digital world.
Cybersecurity is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack. Cyberattacks are an evolving danger to organizations, employees, and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage your financial and personal lives — especially if you’re the victim of identity theft.
How is cybersecurity achieved? Through an infrastructure that’s divided into three key components: IT security, cybersecurity, and computer security.
- Information technology (IT) security, also known as electronic information security, is the protection of data both where it is stored and while moving through a network. While cybersecurity only protects digital data, IT security protects both digital and physical data from intruders.
- Cybersecurity is a subset of IT security. While IT security protects both physical and digital data, cybersecurity protects the digital data on your networks, computers and devices from unauthorized access, attack and destruction.
- Network security, or computer security, is a subset of cybersecurity. This type of security uses hardware and software to protect any data that are sent through your computer and other devices to the network.
In order to be better protected, it’s important to know the different types of cybersecurity.
Types of Cybersecurity
- Application Security: The use of both software and hardware to ensure that applications are protected from external threats, even when in development.
- Information Security: InfoSec refers to protecting your data or the data belonging to clients, whether stored or in transit. It involves protecting data in any form, digital or otherwise, from (unrestricted) access, manipulation, destruction, or disclosure/distribution.
- Operational Security: These are the processes involved when dealing with data security: handling, access permissions, networking, data transmission, and data storage.
- Network Security: This covers all the processes involved in ensuring that the network is protected from unauthorized access and external intrusions.
- Endpoint Security: While remote access is a necessary component of workflows and business models nowadays, endpoint security ensures that it does not become a liability.
- Infrastructure Security: This covers the physical aspects of computer infrastructure like a well-regulated power delivery system, good physical security, fire extinguishers, and the like.
- Cloud Security: Cloud services are being incorporated into more business models and as such, need to be well configured to prevent any successful attacks.
The CIA triad defined
Have you heard of the CIA Triad? Are you still confused about exactly what it is? If so, you aren’t alone. Here you can find more information about the CIA Triad, what it does and the role it plays.
The CIA triad, not to be confused with the Central Intelligence Agency, is a conceptual model used for information security. CIA stands for confidentiality, integrity, and availability. It is common practice within any industry to make these three ideas the foundation of security.
- Confidentiality: Only authorized users and processes should be able to access or modify data.
- Integrity: Data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously.
- Availability: Authorized users should be able to access data whenever they need to do so.
It’s instructive to think about the CIA triad as a way to make sense of the bewildering array of security software, services, and techniques that are in the marketplace. Rather than just throwing money and consultants at the vague “problem” of “cybersecurity,” we can ask focused questions as we plan and spend money:
In addition, arranging these three concepts in a triad makes it clear that they exist, in many cases, in tension with one another. We’ll dig deeper into some examples in a moment, but some contrasts are obvious: Requiring elaborate authentication for data access may help ensure its confidentiality, but it can also mean that some people who have the right to see that data may find it difficult to do so, thus reducing availability. Keeping the CIA triad in mind as you establish information security policies forces a team to make productive decisions about which of the three elements are most important for specific sets of data and for the organization as a whole.
CIA triad examples
To understand how the CIA triad works in practice, consider the example of a bank ATM, which can offer users access to bank balances and other information. An ATM has tools that cover all three principles of the triad:
- It provides confidentiality by requiring two-factor authentication (both a physical card and a PIN code) before allowing access to data
- The ATM and bank software enforce data integrity by ensuring that any transfers or withdrawals made via the machine are reflected in the accounting for the user’s bank account
- The machine provides availability because it’s in a public place and is accessible even when the bank branch is closed
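The ATM example above, modeled in a few lines of Python as an added illustration (not code from this article). The `Account` class, the three-attempt lockout, and the HMAC-tagged ledger are assumptions chosen to show each principle, including the tension between confidentiality and availability described earlier: the lockout protects the PIN but can also shut out the legitimate cardholder.

```python
import hashlib
import hmac
import os

MAX_PIN_ATTEMPTS = 3  # assumed lockout threshold, not taken from the article

class Account:
    def __init__(self, card_id, pin, balance, ledger_key):
        self.card_id = card_id
        self.salt = os.urandom(16)
        self.pin_hash = self._hash(pin)  # the PIN is never stored in the clear
        self.failed = 0
        self.ledger_key = ledger_key     # secret held by the bank, not the ATM user
        self.ledger = []                 # list of (amount, tag) entries
        self._append(balance)            # entry 0 is the opening balance

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def _tag(self, index, amount):
        msg = f"{self.card_id}|{index}|{amount}".encode()
        return hmac.new(self.ledger_key, msg, hashlib.sha256).digest()

    def _append(self, amount):
        self.ledger.append((amount, self._tag(len(self.ledger), amount)))

    def authenticate(self, card_id, pin):  # confidentiality: card AND PIN
        if self.failed >= MAX_PIN_ATTEMPTS:
            return "locked"  # protects the PIN, but reduces availability
        ok = card_id == self.card_id and hmac.compare_digest(
            self._hash(pin), self.pin_hash)
        self.failed = 0 if ok else self.failed + 1
        return "ok" if ok else "denied"

    def balance(self):  # integrity: only entries with a valid tag are counted
        total = 0
        for i, (amount, tag) in enumerate(self.ledger):
            if not hmac.compare_digest(tag, self._tag(i, amount)):
                raise ValueError(f"ledger entry {i} was modified")
            total += amount
        return total

    def withdraw(self, card_id, pin, amount):
        status = self.authenticate(card_id, pin)
        if status != "ok":
            return status
        if amount <= 0 or amount > self.balance():
            return "rejected"
        self._append(-amount)  # every withdrawal is reflected in the accounting
        return "dispensed"
```
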
Thank you very much for reading!
We will meet with another valuable article. Till then, stay safe…