CSF011G01 - CIA Triad
Welcome to:
Unit 1 - The CIA Triad
Security
• Definition
– Information Security is the process of protecting critical information along with its significant elements, including the networks and systems that use the data at rest, in use or in motion
• Explanation
– Information Security is not only about securing the system which receives or sends data; it is about securing the entire set of assets in an organization, including hardware, software, people, data, networks and procedures that make use of the information resources available in the organization
• Example
– If we have allowed the usage of pen drives in the company, then leakage of information can never be fully restricted
© Copyright IBM Corporation 2015
• Confidentiality
– Preventing the disclosure of information to individuals or groups of individuals who are not authorized to access that information is called maintaining confidentiality
• Explanation
– Confidentiality means controlling or restricting access to critical information to certain individuals or groups of individuals. One of the crucial principles of confidentiality is “need-to-know”, or in other words “least privilege”
• Example
– An employee without the appropriate authorization should not be allowed to view the payroll details or the personal information of other colleagues
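The payroll example above is a need-to-know decision that a system has to make on every read. The following is an added illustration (not code from the IBM course) of one way to encode it: permissions are attached to roles, an ordinary employee only holds a permission scoped to their own record, and every decision, allowed or denied, is written to an audit trail so that unauthorized attempts are visible. The roles, permission names and employee records are constructed sample data.

```python
# Added example (not from the course material): a minimal need-to-know /
# least-privilege check for payroll records, with an audit trail.
# Roles, permission names, users and records are constructed sample data.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PayrollRecord:
    employee_id: str
    salary: int


@dataclass
class User:
    user_id: str
    roles: frozenset = field(default_factory=frozenset)


# Permission -> which roles hold it. An ordinary employee is limited to
# reading their own record; only the payroll role may read anyone's.
ROLE_PERMISSIONS = {
    "employee": {"payroll:read:self"},
    "payroll_clerk": {"payroll:read:self", "payroll:read:any"},
}


class AccessDenied(PermissionError):
    pass


def permissions_for(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def read_payroll(user: User, record: PayrollRecord, audit: list) -> PayrollRecord:
    """Return the record only if the user has a need to know it; log every decision."""
    perms = permissions_for(user)
    own_record = record.employee_id == user.user_id
    allowed = "payroll:read:any" in perms or (own_record and "payroll:read:self" in perms)
    audit.append((user.user_id, record.employee_id, "ALLOW" if allowed else "DENY"))
    if not allowed:
        raise AccessDenied(f"{user.user_id} may not view payroll of {record.employee_id}")
    return record


def demo() -> dict:
    """Run the three cases from the slide: own record, colleague's record, clerk."""
    audit = []
    payroll = {
        "e100": PayrollRecord("e100", 52000),
        "e200": PayrollRecord("e200", 61000),
    }
    alice = User("e100", frozenset({"employee"}))        # ordinary employee
    clerk = User("e900", frozenset({"payroll_clerk"}))   # authorized for payroll
    results = {}
    results["alice_self"] = read_payroll(alice, payroll["e100"], audit).salary
    try:
        read_payroll(alice, payroll["e200"], audit)       # colleague's record
        results["alice_other"] = "allowed"
    except AccessDenied:
        results["alice_other"] = "denied"
    results["clerk_other"] = read_payroll(clerk, payroll["e200"], audit).salary
    results["audit"] = audit
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the audit list is that a denied request is itself a security signal: a monitoring rule that counts DENY entries per user over a short window is a cheap way to spot someone probing records they have no need to know.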
Cycle
Strategy
• To develop a strategic information security plan, the classical information security values of confidentiality, integrity and availability are integrated into trust relationships that are based on certain protocols of data communication
• An information security strategic plan assists in establishing an organization's approach towards securing information
• This approach is the collection of various activities that support as well as protect information
• Effective mechanisms are created to control the security of the company. It is about managing these mechanisms and making them operational
• Top Management
• Head of Departments
• Information Security Team
• IT Manager
• System Administrators
Requirements
• Damages due to incidents
• Costs due to the implementation of the solutions for maintaining security
• Neglecting amount for each security solution, per incident
Phases
• Calculate the net neglecting amount for all solutions that implement security
• Calculate the incident risk, the baseline scenario and the total damage
• Calculate the Risk-based Return on Investment (RROI)
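The three phases above are a calculation, so here is an added worked example of it (not from the IBM course). The slides do not state the RROI formula; this example assumes the commonly used return-on-security-investment form, in which the baseline scenario is expressed as an annualised loss expectancy (damage per incident multiplied by incidents per year), each solution is credited with the loss it avoids, and RROI is the net benefit divided by the solution's cost. All damage, rate and cost figures are constructed sample values.

```python
# Added example (not from the course material). Assumption: "RROI" is taken to be
# the usual return-on-security-investment formula,
#   ALE  = single_loss x annual_rate          (annualised loss expectancy)
#   RROI = (ALE_baseline - ALE_with_solution - annual_cost) / annual_cost
# All monetary figures and incident rates below are constructed sample values.


def annualised_loss(single_loss: float, annual_rate: float) -> float:
    """Expected yearly damage: damage per incident x expected incidents per year."""
    return single_loss * annual_rate


def rroi(ale_baseline: float, ale_with_solution: float, annual_cost: float) -> float:
    """Risk-based return on investment of one solution against the baseline."""
    if annual_cost <= 0:
        raise ValueError("annual_cost must be positive")
    return (ale_baseline - ale_with_solution - annual_cost) / annual_cost


def evaluate(baseline: dict, solutions: list) -> tuple:
    """Phase 2 and 3: baseline ALE, then per-solution residual ALE, net benefit and RROI.

    Returns (baseline_ale, rows) with rows sorted best RROI first.
    """
    ale_base = annualised_loss(baseline["single_loss"], baseline["annual_rate"])
    rows = []
    for s in solutions:
        ale_after = annualised_loss(s["single_loss"], s["annual_rate"])
        rows.append({
            "name": s["name"],
            "ale_after": ale_after,
            "net_benefit": ale_base - ale_after - s["annual_cost"],
            "rroi": rroi(ale_base, ale_after, s["annual_cost"]),
        })
    rows.sort(key=lambda r: r["rroi"], reverse=True)
    return ale_base, rows


# Constructed scenario: data leakage via removable media, two incidents a year
# costing 40,000 each in the baseline (no controls).
BASELINE = {"single_loss": 40_000, "annual_rate": 2.0}

# Constructed candidate solutions; each changes how often the incident is
# expected to happen (and could also change the damage per incident).
SOLUTIONS = [
    {"name": "device control policy", "single_loss": 40_000, "annual_rate": 0.5, "annual_cost": 10_000},
    {"name": "full DLP suite", "single_loss": 40_000, "annual_rate": 0.1, "annual_cost": 70_000},
    {"name": "awareness training only", "single_loss": 40_000, "annual_rate": 1.8, "annual_cost": 5_000},
]


def ranked_names() -> list:
    """Solution names ordered by RROI, best first (used to check the example)."""
    _, rows = evaluate(BASELINE, SOLUTIONS)
    return [r["name"] for r in rows]


if __name__ == "__main__":
    base, rows = evaluate(BASELINE, SOLUTIONS)
    print(f"baseline ALE: {base:,.0f}")
    for r in rows:
        print(f"{r['name']:<26} residual ALE {r['ale_after']:>9,.0f}  "
              f"net {r['net_benefit']:>9,.0f}  RROI {r['rroi']:.2f}")
```

Note that the ranking is by return per unit spent, not by absolute risk reduction: the expensive suite removes the most risk but barely pays for itself, which is exactly the comparison the "neglecting amount per solution" requirement asks for.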
5. What is Integrity?
– To prevent the disclosure of information to individuals or group of
individuals who are unauthorized to have access to that
information
– To protect the accuracy and completeness of information and
the methods that are used to process and manage it
– It states that an asset must be available when needed by
an authorized entity, if it is accessible and usable
– Every individual who works with an information system should
have specific responsibilities for information assurance
6. What is Availability?
– To prevent the disclosure of information to individuals or group of
individuals who are unauthorized to have access to that
information
– To protect the accuracy and completeness of information and
the methods that are used to process and manage it
– It states that an asset must be available when needed by
an authorized entity, if it is accessible and usable
– Every individual who works with an information system should
have specific responsibilities for information assurance
7. What is Accountability?
– To prevent the disclosure of information to individuals or group of
individuals who are unauthorized to have access to that
information
– To protect the accuracy and completeness of information and
the methods that are used to process and manage it
– It states that an asset must be available when needed by
an authorized entity, if it is accessible and usable
– Every individual who works with an information system should
have specific responsibilities for information assurance