RETIRED! Exam
Describe confidentiality, integrity, availability (CIA)
Confidentiality, integrity and availability, together known as the CIA triad, form a model that guides information-security policy within an organization. The three elements are considered the most crucial properties a security program must protect.
Confidentiality is a set of rules that limits access to information, so that it remains private and is read only by authorized people. Integrity is the assurance that the information is trustworthy and accurate and has not been altered without authorization. Availability is the guarantee that authorized people can reliably access the information when they need it.
In other words, confidentiality ensures that a message is not disclosed to any unintended party, while integrity concerns the correctness of the information. Do not confuse these with authentication and authorization: authentication verifies the claimed identity of a user or process (for example, at login), and authorization determines which privileges that identity has on a given resource.
Common Security terms:
The US government classifies information, depending on its sensitivity, into three levels:
1. Top secret
2. Secret
3. Confidential
Confidential: Data that has a reasonable probability of causing damage if disclosed to an unauthorized party
Secret: Data that has a reasonable probability of causing serious damage if disclosed to an unauthorized party
Top-secret: Data that has a reasonable probability of causing exceptionally grave damage if disclosed to an unauthorized party
Unclassified: Data that has few or no privacy requirements
Sensitive but unclassified (SBU): Data that could cause embarrassment if revealed but would not constitute a security threat
Cisco recommends that organizational information be classified into four classes:
1. Public - Information intended for public consumption, such as information brochures
2. Sensitive - Internal information, such as routine circulars. Public disclosure may cause some inconvenience to the organization but poses no threat to it.
3. Private - Information that should be kept secret. Disclosure to unauthorized parties may cause some loss to the organization. Examples include formulas and patents.
4. Confidential - Sensitive information such as employee records
According to Cisco, security solutions for an organization may be broadly divided into three categories:
A. Physical security
B. Administrative security
C. Logical (technical) security
Usually, people think only of technical solutions to information security, but technical controls alone are not sufficient to protect data. Administrative and physical security are just as vital to comprehensive security.
SIEM technology:
Security information and event management (SIEM) combines security information management (SIM) and security event management (SEM) functions into one security management system. A SIM system collects log data into a central repository for trend analysis and provides automated reporting for compliance and centralized reporting; a SEM system monitors events as they arrive in order to raise alerts in near real time.
A SIEM system collects logs and other security-related records for analysis. Most SIEM systems work by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network devices and security devices such as firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console, which inspects them and flags anomalies. To allow the system to identify anomalous events, the SIEM administrator must first create a profile (baseline) of the system under normal event conditions; without that baseline, "anomalous" has no reference point.
The important features of a SIEM are:
1. Log collection of event records from sources throughout the organization provides important diagnostic data and helps meet regulatory requirements.
2. Normalization maps log messages from different systems into a common data model, enabling the organization to connect and analyze related events from diverse environments.
3. Correlation links logs and events from disparate systems or applications, speeding detection of and reaction to security threats.
4. Aggregation reduces the volume of event data by consolidating duplicate event records.
5. Reporting presents the correlated, aggregated event data both in real-time monitoring views and in long-term summaries.
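Features 2, 3 and 4 above are easiest to understand when seen operating on real-looking log lines. The following Python script is an added example written for these notes; it is not Cisco's code or part of any SIEM product. It takes constructed sample lines in three different formats (an sshd syslog message, a firewall key=value line, and a Windows-style CSV export where event ID 4625 is a failed logon and 4624 a successful one), normalizes them onto a single common data model, aggregates duplicate records into counts, and applies one correlation rule: several authentication failures from one source address followed by a success, across whatever hosts or log sources produced them. The log formats, hostnames and the 60-second / 3-failure rule parameters are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log lines (not captured from any real system) in three
# formats: sshd syslog, a firewall key=value line, and a Windows-style CSV
# export laid out as ts,host,event_id,user,src_ip.
RAW_EVENTS = [
    "2024-05-01T10:00:01 host1 sshd[812]: Failed password for root from 203.0.113.7 port 5001 ssh2",
    "2024-05-01T10:00:03 host1 sshd[812]: Failed password for root from 203.0.113.7 port 5002 ssh2",
    "2024-05-01T10:00:05 host1 sshd[812]: Failed password for root from 203.0.113.7 port 5003 ssh2",
    "2024-05-01T10:00:09 host1 sshd[812]: Accepted password for root from 203.0.113.7 port 5004 ssh2",
    "ts=2024-05-01T10:00:02 dev=fw1 action=deny src=198.51.100.9 dst=10.0.0.5 dport=445",
    "ts=2024-05-01T10:00:02 dev=fw1 action=deny src=198.51.100.9 dst=10.0.0.5 dport=445",
    "ts=2024-05-01T10:00:02 dev=fw1 action=deny src=198.51.100.9 dst=10.0.0.5 dport=445",
    "2024-05-01T10:00:04,WIN-DC1,4625,alice,192.0.2.10",
    "this line is not in any known format and must be dropped, not crash the pipeline",
]


@dataclass(frozen=True)
class Event:
    """Common data model that every source is mapped onto (normalization target)."""
    ts: datetime
    host: str
    src_ip: str
    user: Optional[str]
    action: str  # one of: auth_failure, auth_success, deny


SSHD_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
KV_RE = re.compile(r"^ts=(\S+) dev=(\S+) action=(\S+) src=(\S+)")
WIN_IDS = {4625: "auth_failure", 4624: "auth_success"}  # real Windows logon event IDs


def normalize(line: str) -> Optional[Event]:
    """Normalization: map one raw line from any supported source onto Event.
    Unknown formats return None so a single bad line never stops the pipeline."""
    m = SSHD_RE.match(line)
    if m:
        ts, host, verb, user, ip = m.groups()
        action = "auth_failure" if verb == "Failed" else "auth_success"
        return Event(datetime.fromisoformat(ts), host, ip, user, action)
    m = KV_RE.match(line)
    if m:
        ts, host, action, ip = m.groups()
        return Event(datetime.fromisoformat(ts), host, ip, None, action)
    parts = line.split(",")
    if len(parts) == 5 and parts[2].isdigit() and int(parts[2]) in WIN_IDS:
        ts, host, eid, user, ip = parts
        return Event(datetime.fromisoformat(ts), host, ip, user, WIN_IDS[int(eid)])
    return None


def aggregate(events):
    """Aggregation: collapse events that differ only in timestamp into
    (first_event, count) pairs, reducing volume without losing the facts."""
    counts = {}
    for e in events:
        key = (e.host, e.src_ip, e.user, e.action)
        if key in counts:
            first, n = counts[key]
            counts[key] = (first, n + 1)
        else:
            counts[key] = (e, 1)
    return list(counts.values())


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Correlation: flag a source IP that produced >= threshold auth_failure events
    within `window` and then an auth_success. Because everything is already in the
    common model, the rule works across hosts and across log sources."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "auth_failure":
            failures[e.src_ip].append(e.ts)
        elif e.action == "auth_success":
            recent = [t for t in failures[e.src_ip] if e.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append(f"possible brute force: {len(recent)} failures then success "
                              f"for {e.user!r} on {e.host} from {e.src_ip} at {e.ts.isoformat()}")
    return alerts


def run_pipeline(lines):
    """Collection -> normalization -> aggregation and correlation, as a SIEM would chain them."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, aggregate(events), correlate(events)


if __name__ == "__main__":
    events, agg, alerts = run_pipeline(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw lines -> {len(events)} normalized events -> {len(agg)} aggregated rows")
    for first, n in agg:
        print(f"  x{n} {first.action:13} host={first.host} src={first.src_ip} user={first.user}")
    for a in alerts:
        print("ALERT:", a)
```

Two points worth noticing when running it. The correlation rule never looks at the raw sshd or Windows text, only at the normalized `action` and `src_ip` fields, which is exactly why normalization has to happen before correlation in a SIEM. And the three identical firewall denies collapse into one aggregated row with a count of 3, while the three sshd failures stay as individual events for the correlation rule, since it needs their timestamps to apply the time window.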