domain 1
module 1 :
understand the concepts of information security :
THE CIA TRIAD : Confidentiality Integrity Availability
*Confidentiality : - confidentiality means that no private information has been disclosed to unauthorized individuals;
- confidentiality is a hard balance to achieve, that's why we need data classification!
- personally identifiable information (PII), such as name, address, etc ...
- protected / personal health information (PHI), such as medical histories, test and laboratory results, etc ...
*Integrity : - integrity ensures that this information is not being corrupted or changed without the information owner's permission.
*Availability : - means that authorized users have access to important information in a timely manner.
example of the CIA TRIAD :
/My bank account's information is to be kept confidential
/No one can change my information unless authorized
/The banking system , online website and app are always available
security terminology :
*Authentication : - authentication is a process to prove the identity of the requestor;
- methods of authentication : passwords (you know), smart cards (you have), biometrics (you are) ...
- types of authentication : /single-factor authentication (SFA)
/multi-factor authentication (MFA)
*Authorization : - authorization is the function of specifying access rights/privileges to resources
- authentication is confirming the identity of the subject; once a subject has been authenticated, the system checks its AUTHORIZATION to see if it is allowed to complete the action it is attempting
*Non-repudiation : -the protection against an individual falsely denying having
performed a particular action (created , altered , observed , or transmitted
data ).
*Privacy : - the right of an individual to control the distribution of information about themselves
- Privacy vs Security --> PRIVACY refers to the user's ability to control, access, and regulate their personal information, and SECURITY refers to the system that protects that data from getting into the wrong hands
- GDPR : General Data Protection Regulation
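
The authentication-then-authorization order from the terminology above, as an added example that is not part of the original notes: a password ("you know") plus a one-time code ("you have") proves identity, and only then is the role checked against the requested action. The user, salt, token secret, role names and the `handle` function are constructed for illustration; using an RFC 4226 one-time code as the "you have" factor is an assumption.

```python
import hashlib, hmac, struct

def hash_pw(password: str, salt: bytes) -> bytes:
    # "You know" factor: store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    # "You have" factor: RFC 4226 one-time code derived from a token's secret.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample data (hypothetical user, salt and token secret).
SALT = b"constructed-salt"
USERS = {"alice": {"pw": hash_pw("correct horse", SALT), "role": "customer",
                   "token": b"12345678901234567890", "counter": 0}}
PERMISSIONS = {"customer": {"view_account"},
               "teller": {"view_account", "update_account"}}

def authenticate(user: str, password: str, otp: str = "", mfa: bool = True) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(rec["pw"], hash_pw(password, SALT)):
        return False
    # With mfa=False the password is the only factor checked (SFA).
    if mfa:
        expected = hotp(rec["token"], rec["counter"])
        if not hmac.compare_digest(otp.encode(), expected.encode()):
            return False
        rec["counter"] += 1  # a used code cannot be replayed
    return True

def authorize(user: str, action: str) -> bool:
    # Runs only after authentication: does this identity's role allow the action?
    return action in PERMISSIONS.get(USERS[user]["role"], set())

def handle(user: str, password: str, otp: str, action: str) -> str:
    if not authenticate(user, password, otp):
        return "401 not authenticated"
    if not authorize(user, action):
        return "403 not authorized"
    return "200 ok"
```

A failed identity check and a failed permission check give different answers: the first means the system does not know who is asking, the second means it knows and the role does not allow the action.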