CISSP Domain 1: Security and Risk Management


Section 9 – The CIA Triad

The CIA Triad (aka AIC)

  • Confidentiality
    • Keep our secrets secret and only allow access to those who need it.
  • Integrity
    • How do you know someone didn’t alter your data?
  • Availability
    • Ensure the data is available to the people who need it, when they need it.

Confidentiality

  • Data at rest (storage)
    • Cryptography (Encryption) – very quick and lightweight
  • Data in motion (transit)
    • SSL, TLS, IPSEC
  • Data in use
    • Clean Desk
      • no password sticky notes
      • flip confidential pages upside down
      • shred after use
      • Training is important
    • no shoulder surfing
    • PC locking
    • Monitor masks (viewing angles)

Confidentiality Threats

  • Social engineering
  • Key Loggers
  • Cameras
  • Steganography
    • Hiding malicious code in an image
  • IoT
    • Compromise a smart TV or thermostat to gain access to a network

Integrity

  • Cryptography
  • Checksum (CRC)
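
An added example (not part of the original notes) contrasting the two integrity controls listed above: a CRC-32 checksum catches accidental corruption but needs no secret, so whoever alters the data can recompute it, while a keyed HMAC-SHA256 tag cannot be reproduced without the key. The sample record, the key handling and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import zlib


def crc32_tag(data: bytes) -> int:
    """Unkeyed checksum: detects accidental corruption only."""
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed integrity tag: producing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_crc(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def verify_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)        # known only to writer and verifier
    original = b"pay=100.00;to=alice"    # constructed sample record
    altered = b"pay=900.00;to=alice"     # the same record after a change

    stored_crc = crc32_tag(original)
    stored_mac = hmac_tag(key, original)

    # CRC needs no secret, so the stored checksum can be replaced
    # together with the data it is supposed to protect.
    replaced_crc = crc32_tag(altered)
    wrong_key_mac = hmac_tag(secrets.token_bytes(32), altered)

    return {
        "crc_flags_change_when_tag_untouched": not verify_crc(altered, stored_crc),
        "crc_accepts_change_with_recomputed_tag": verify_crc(altered, replaced_crc),
        "hmac_flags_change": not verify_hmac(key, altered, stored_mac),
        "hmac_rejects_tag_from_wrong_key": not verify_hmac(key, altered, wrong_key_mac),
        "hmac_accepts_original": verify_hmac(key, original, stored_mac),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```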
