Cyber Security For Beginners: Part 2
Hey guys, welcome back to Part 2 of Cyber Security For Beginners blog series.
In the previous blog, we only discussed about the mere basics of cyber security and its importance. We defined cyber security and the importance of data in the modern digital world.
In this blog, we are going to cover 3 important concepts in Cyber Security. These concepts are together known as the CIA triad.
No, we are not talking about the intelligence agency. CIA, in Cyber Security, stands for Confidentiality, Integrity and Availability. We cannot move forward without explaining these core terms and their importance.
Before we begin, we are just going to cover how these concepts came to be and how they are associated with data security. These concepts are related to how data is handled, stored and transmitted. Wherever information security is implemented, these concepts need to be ensured for the proper protection and use of any kind of data. To explain these concepts, we are employing one of the most common examples you will find over the internet. We are going to use three persons, namely Alice, Bob and the “Attacker”.
Confidentiality
Confidentiality simply means that whatever data we transmit across the internet, or any other network for that matter, should be received and understood only by the intended person/receiver. In other terms, the data should be confidential and not readable to others.
In the above example, Alice is sending a message to Bob. Say, the attacker is sitting between them in a way that he can view the messages being sent by actively sniffing the traffic. We will get into the details about this in a later blog where we will discuss the attack performed in this case (Man-in-the-middle attack). If the attacker is able to view the message which is intended for Bob, he is indeed violating the confidentiality of the message. In other words, the message which was intended for Bob is now being read by another person to whom it is not addressed. To ensure confidentiality of the data, we employ a concept called encryption. You might or might not have heard about this before, but we are not going to delve too much into it right now as it is beyond the scope of this particular blog.
To be brief, what encryption does is, it takes the data to be transmitted, obfuscates it using some key and then sends it to the receiver. The receiver can only decrypt it using the key. Anyone sniffing the traffic can only view the encrypted content, not the actual data. There are different types of encryption, which we will discuss in detail in another blog.
Integrity
Integrity refers to the trustworthiness and accuracy of the data, either in transit, storage, or under process. So, applying this principle in cyber security, it simply means that data should not be altered by unauthorized persons/entities.
The most common method for ensuring the integrity of data is hashing. Hashing is the process of converting a plain text( data ) to a hashed text, called as a hash digest, by passing the data through hashing algorithms. In the above example, when Alice wants to ensure that data does not get altered by anyone else,she uses a hash algorithm to create a hash digest for the data to be sent. Then, she transmits both the data and its hash to Bob. At the receiving end, Bob creates a new hash for the received hash and compares it with the hash provided by Alice. If they are equal, it means that the data has not undergone any change. If they are not equal, it indicates that someone or something altered the data while in transit. This is just a typical example of how hashing is used to ensure integrity of data. We will be covering more on hashing and the different types of hashes in the coming blogs.
Availability
As the term implies, availability means that data should available to the people in need as and when they require it.
Availability of data is important to ensure that data is available under any circumstances. This is done by implementing concurrency, creating backups of data, providing reliable storage of data etc. It also guarantees that data would be accessible in the case of accidents due to human or natural disasters. From a cyber security point of view, we can also say that availability of data means that if and when data is made unavailable due to various cyber threats, the organisation is responsible for maintaining its availability. There are different methods to ensure proper availability of data such as backups, RAID systems etc. Again, as you might have guessed, we will talking about this in detail in later chapters of this series.
That’s it! Now we have covered the CIA triad and its association with Cyber Security. It is never enough to just depend on a single piece of resource for learning various things. Do your own research and learn more about these to make sure these information are “available” with you, if and when you require them.
Good luck and see you in the next part!
Additional Resources:
More on CIA triad -
