Hello and welcome back, my aspiring hackers, to our Pentesting series, where we learn pentesting and infosec from scratch. In the last episode, we discussed the term “hacker” and the types associated with it. If you haven’t checked that out, I would highly recommend you do so by clicking HERE.
Today we will learn about the information security concepts that govern how data is stored and processed. They are popularly known as the CIA triad, where C stands for Confidentiality, I stands for Integrity, and A stands for Availability. These three are the main concepts, but in reality it comprises five parts. So let’s see and understand them in detail.
- Confidentiality – It ensures that the data is only available to the authorized party. That means data should be accessible to its rightful owner and users, and not to everybody or to anyone who is not supposed to see or use it. Confidentiality is protected by encryption and by other means such as passwords.
- Integrity – It ensures that the data presented is genuine and authorized, and it guarantees the data is not tampered with or stolen. Integrity is lost when someone changes the origin or truthfulness of the data, as in a data breach. It is protected by mathematical checksums and other techniques.
- Availability – It ensures that the data is available to authorized users when needed. Availability is what suffers in, for example, a malware attack or a DDoS attack on the system.
- Authenticity – It guarantees that data is genuine and uncorrupted. Various methods such as biometric authentication, smart cards, and passwords are used for the authentication of data.
- Non-Repudiation – It ensures that neither the sender nor the receiver can later deny the data that was sent. It is enforced by the use of digital signatures between the sender and the receiver.
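
To make the difference between the integrity, authenticity and non-repudiation items above concrete, here is an added Python example (not part of the original post) that compares a plain checksum with a keyed HMAC. The key, the messages and the function names are constructed for this illustration.

```python
import hashlib
import hmac

def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: detects changes only if the digest itself is trusted."""
    return hashlib.sha256(data).hexdigest()

def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA-256 tag: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_checksum(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(checksum(data), digest)

def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)

def demo() -> dict:
    # Constructed sample values, not taken from the article.
    shared_key = b"constructed-demo-key-known-to-sender-and-receiver"
    original = b"pay 100 to alice"
    altered = b"pay 900 to mallory"

    digest = checksum(original)

    return {
        # Integrity: changed data no longer matches the stored digest.
        "checksum_detects_change": not verify_checksum(altered, digest),
        # Limit of a bare checksum: whoever can replace the data can also
        # replace the digest, and the new pair verifies.
        "replaced_pair_passes_checksum": verify_checksum(altered, checksum(altered)),
        # Authenticity: without the key, a recomputed digest is not a valid tag.
        "replaced_pair_fails_mac": not verify_mac(shared_key, altered, checksum(altered)),
        # A MAC does not give non-repudiation: the receiver holds the same
        # key and can produce a valid tag for any message.
        "receiver_can_forge_tag": verify_mac(shared_key, altered, mac(shared_key, altered)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last result is why the list pairs non-repudiation with digital signatures: a signature is made with a private key that only the sender holds, so the receiver cannot have produced it.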
So, this was the famous CIA triad, or I would say the CIAAN of information security. I hope you now know the underlying concepts of information technology. In the next episode, we will take a deep dive into the cyber kill chain methodology, which is used by an attacker to penetrate the target system. Till then, keep hacking, and I will greet you in the next episode. Bye.