
What’s CIA?

CIA (in this context, of course) stands for Confidentiality, Integrity, and Availability. These are the three tenets, or cornerstones, of information security. Virtually all practices under the umbrella called “Information Security” are designed to provide these objectives. They are relatively simple, common-sense notions, yet the Security+ exam writers love to test on CIA concepts. So, you should understand CIA very well, both to follow the reasoning behind later practices and to ace this portion of the exam.




Confidentiality refers to the idea that information should only be accessible to its intended recipients and those authorized to receive it. All other parties should not be able to access the information. This is a pretty common and straightforward idea; the US government, for example, marks certain items “Top Secret,” which means that only those who are cleared to see that information can actually view it. In this way, the government is achieving information confidentiality. Another common example is the sharing of a secret between two friends. When the friends tell each other the secret, they usually whisper so that nobody else can hear what they are saying. The friends are also achieving confidentiality.



Integrity is the idea that information should arrive at its destination as it was sent. In other words, the information should not be tampered with or otherwise altered. Sometimes, secret information may be sent in a locked box. This is to ensure both confidentiality and integrity: it ensures confidentiality by assuring that only those with a key can open it; it ensures integrity by assuring that the information cannot be altered during delivery. Similarly, government documents are often sealed with a special stamp that is unique to an office or branch of government. In this way, the government ensures that the people reading the document know that it is in fact a government document and not a phony.



Imagine that a terrorist blocks the entrance to the Library of Congress. Though he did not necessarily destroy the integrity of the books inside or breach confidentiality, he did do something to negatively affect the security of the Library. We deem his actions a “denial of service,” or more appropriately, a denial of availability. Availability refers to the idea that information should be available to those authorized to use it. When a hacker floods a web server with erroneous requests and the web server goes down as a result, he has denied availability to the users of the server, and thus one of the major tenets of information security has been compromised.


**Source: Wikipedia**