8.2.1 CIA Triad

Cards (21)

  • CIA is confidentiality, integrity, and availability
  • Confidentiality is protecting info from unauthorised access. It's essentially about keeping private data private, for example by encrypting it or requiring authentication.
  • Integrity is assuring data is trustworthy and accurate, and is unmodified by unauthorised actors.
  • Data integrity is ensured with checksums, hash functions, and digital signatures
  • Data availability is ensuring that data can be accessed by an authorised user when it is needed
  • Data availability needs good data recovery policies, strong systems, and good security
  • Important cybersecurity terms list:
    Security - keeping assets safe
    Identity - who a person is
    Threat - something that poses a risk to an asset
    Vulnerability - something that can be exploited to more easily attack assets
    Risk management - weighing the need for protection vs the cost of
  • Risk management is the process of identifying, assessing, and mitigating risks
  • Vulnerabilities are weaknesses that can be exploited by a threat
  • Threats are things that can exploit a vulnerability
  • Threats include threat actors but also?
    Employee mistake, and natural disasters
  • Security is safeguarding digital assets, using protocols and systems to prevent unauthorised access
  • The CIA triad helps with information security
  • Risk management often involves weighing risk against potential damage
  • The average cost to a company suffering a data breach is around £8,000.
  • 6 things that can occur if the CIA triad is not upheld:
    Data loss
    Financial loss
    Damage to image
    Reduction in productivity
    Legal action
    Disruption
  • Which aspect of cybersecurity is about making decisions to protect company assets?
    risk management
  • Which of the following is a typical measure used to ensure data integrity?
    Password protection
    Checksum
    Data encryption
    Two-factor authentication
    Checksum
  • Which of the following strategies is NOT typically used to ensure data confidentiality?
    Passwords
    Encryption
    Two-factor authentication
    Hash functions
    Hash functions
  • Which of the following strategies is NOT typically used to ensure data availability?
    Data encryption
    Redundant systems
    Backups
    Robust infrastructure
    Data encryption
  • What is the principle of least privilege?
    Users should only be granted the minimum permissions needed to perform their job