Goals of cyber security

Goals of cyber security


With lots of information being generated by an organization today, as we know the world is going digital, every piece of information is more or less stored in a software and as a user we must ensure our data is been stored in a secured website and as an organization it's their responsibility to keep the data confidential, maintain integrity and available as an when required. Most commonly termed as a CIA triad.

Three most important goals of cyber security are as follows : 






Confidentiality - 

The principle of confidentiality ensures that only the sender and the recipient(s) should be able to access the contents of a message. Confidentiality gets compromised if an unauthorized person gets an access to a message.

E.g 
User A wants to send message to user B, another user C gets access to this message which is not desired and thus defeats the purpose of confidentiality. let's say A sends a confidential email to B which is accessed by C without the consent of  A and B. This type of attack is called as interception

Interception causes loss of message confidentiality.






Integrity -

Data integrity ensures that the information is real, accurate and safe from any unauthorized user. Only an authorized entity has right to change, modify, edit the contents of data. If the contents of data are changed after the sender sends it, but before it reaches the intended recipient, we say the integrity of the data is lost.

E.g

Suppose you pay $100 for some goods to be purchased online, when you check your account statement it says $1000 used for that goods, this is the case of loss of message integrity. 

User C tampers data originally sent by user A, which is actually destined for user B. User C somehow manages to access it, changes its contents and sends the changed message to user B. User B has no idea that the message is actually coming from user C and not A. This type of attack is known as modification.





Availability - 

The principle of availability ensures that the data should remain available on time on demand for a user. for e.g due to intentional actions of another unauthorized user C, an authorized user A may not be able to contact a server computer B, this would defeat a principle of availability. This type of attack is known as interruption.

Interruption puts the availability of resources in danger













Comments

Post a Comment

Popular

Ethical hacking terminologies

Image
Ethical Hacking Terminologies  Following is the list of terms that are frequently used in the field of ethical hacking . If you are not aware of these terms then it would be difficult for you to understand the concept of ethical hacking properly. Thus knowing this will ease your process of going further in this domain. Vulnerability -  A weakness, flaw or loophole in a system, network or any device that can be exploited. Threat -  A danger that can exploit an existing bug or vulnerability to compromise the security of a network system. Attack - An action that is done to extract a sensitive data by getting unauthorized access of a system. Phishing - A process where an attacker creates fake website or url which looks like a legit page but it's to trap the user to get sensitive data. Backdoor -  A hidden entry point which can bypass the authentication process i.e logins and passwords also known as trapdoor. Brute
Read more

OSI model

Image
OSI model OSI model is an acronym for Open Systems Interconnection is used to define how data is transferred from one system to another system in a computer network. Now you may ask how a network is formed? If two computers are connected to each other with LAN cables, connectors and Network Interface Card forms a network. Since the designing and infrastructure won't be similar of two computers the OSI model was introduced by ISO(International Organization for Standardization) in 1984 for a successful communication between computers or networks. OSI model consists of  7 different layers 1. Application layer 2. Presentation layer 3. Session layer 4. Transport layer 5. Network layer 6. Data link layer 7. Physical layer Now I'm going to give a mnemonic to remember the OSI model Please-Do-Not-Throw-Sausage-Pizza-Away, easy right? Application layer - Application layer does not include applications like chrome, firefox instead it incl
Read more

Phases of ethical hacking

Image
Phases of Ethical Hacking  In order to be successful in hacking, a hacker needs to follow some steps or you can say phases which involves 5 crucial stages which helps hackers to make a structured ethical hacking attack. Reconnaissance : This is the first phase of hacking   where an attacker gathers as much information as possible. It is also called as footprinting or information gathering. Information that we collect is divided in three groups - network, host, people. There are two types of reconnaissance  - Active & Passive. Active - Direct communication is involved to gather information about the target. Information can be regarding an individual or an organization so anytime if somebody is taking too much interest on you or your background - Be alert! Tools used to scan a network can be Nmap , Hping , etc Passive - Here indirect communication takes place. Information can be gathered using social media websites or public websites. Scanning :  Here an
Read more