Key properties of Cybersecurity
When we say cybersecurity, we refer to the comprehensive protection of computer devices, networks, hardware, software and all data and information.
This can be effectively summarised through two components. The CIA model which describes important goals of cybersecurity, and AAA which describes a method through which cybersecurity is achieved.
Confidentiality
Cybersecurity requires privacy in data and information. Certain people, devices, or processes should be permitted or restricted from seeing data, files, and items, like username, password combinations, medical records, etc. Confidentiality is concerned with viewing of data or information because if the wrong people see data or information they are not authorised, many problems could arise.
TL;DR “Information is gathered properly (e.g. by amount of damage that could be done). Prevent unauthorised reading of data”
Integrity
Cybersecurity requires us to feel safe that data transmitted, processed, and stored has not been changed from its original form either accidentally or maliciously. For example, if one bit of a message is change, the whole message could change. Also, the whole message could be corrupted or unreadable.
TL;DR “Data has not been maliciously altered. Concerned with unauthorised writing of data”
Availability
Availability guarantees that with all the cybersecurity measures in place for dealing with hardware, software, people, processes and more, users who are authorised to do their job should be able to do so. It requires that authorised users should be able to access the resources they need to do their job with easy while ensuring that the system have full tolerance and load balancing in the event of cybersecurity incident or disaster.
TL;DR “Data/services available as expected. Covers many environmental, accidental or malicious attacks and includes denial of service (DOS) attacks”
Authentication
The process of proving that you are who you say you are. When you claim to be someone, that is called identification; but when you prove it, that is authentication. Authentication requires proof in one of three possible forms: something you know, like a password; something you have, like a key; something you are, like fingerprint. The combination of more than one of these categories is called multifactor authentication. Multifactor authentication makes it hard to authenticate as someone else.
TL;DR Data or services available only to authorised entities. Allows access to some, denies to others. characterised as:
- Something you have : entry card, phone
- Something you know : password, mothers maiden name
- Something you are : signature, fingerprint”
Authorisation
Providing correct level of access that a user should have based on their credentials. This is tied to the principle of least privilege, which state that users, devices, programs and processes should be granted enough permission to do their required functions and not a single drop more. Any authorisation beyond the normal job function opens the door for either accidental or malicious violations of confidentiality, integrity and availability.
TL;DR “Specifying exact access rights or privileges to resources. Prevents accidental or malicious violations of ‘CIA’ ”
Accounting
Keeping track of what users do while they are logged into a system. Keeping track of users and their actions is very important. From a forensics perspective, tracing back to events leading up to a cybersecurity incident can prove very valuable to an investigation.
TL;DR “Actions recorded and can be traced to party responsible”
Bonus! — Anonymity
Somewhat dual to Accounting and Authentication. Important for whistleblowing.
Alice may wants to say something very private to Bob. She wants that Bob believes it comes from her, but does not want Bob to be able to convince a third party that she said such a thing or that they spoke at all. Additionally, she may want to authenticate as a government official but keep her identity hidden.
Nweke, Livinus. (2017). Using the CIA and AAA Models to explain Cybersecurity Activities.
