Security Goals

Introduction

Security of Data and Information is crucial for companies and individuals. Suppose coding ninjas lose all the data related to their courses due to some reason. You can think how disastrous it would be. You couldn't learn those skills and couldn't even read this blog right now. We can take another example where you lose all your passwords and data. I am sure you can imagine how that would play out. So we know how critical cybersecurity is. Can you think of the points which need to be kept in mind while building a security system so that you can continue enjoying blogs on coding ninjas? Cybersecurity aims to provide a secure and risk-free environment for keeping the information, devices, and network guarded against any security threat. Let's learn some more about the cybersecurity goals.

Cybersecurity goals

The three fundamental goals of cybersecurity are as follows:

1. Confidentiality: Protect the confidentiality of data by keeping the sensitive data private and accessible to only authorized users.
2. Integrity: Preserve the Integrity of data by protecting it from unauthorized access and ensuring its reliability, completeness, and correctness.
3. Availability: Promote data availability for authorized users as and when required.

These goals form the CIA (Confidentiality, Integrity, and Availability) triad. The CIA triad covers all the significant steps to maintain security goals. Now, we will discuss the CIA triad in detail one by one.

Source

Also read - active and passive attacks

Confidentiality

Confidentiality ensures that data is only accessible to genuine and authorized users. It helps prevent unauthorized access to the data, exploiting the information. Some methods to ensure confidentiality is given below:

• Encrypt the raw data using encryption techniques.
• Use biometric-based access control to authorize genuine users to access the data.
• Multi-Factor Authentication can be used, which reduces the chances of data being exploited.
• Implement firewalls and intrusion detection systems to ensure that no third party can access the data without proper clearance.

Now, we will discuss the tools for confidentiality.

1. Encryption is the technique to convert the data into ciphertext using mathematical methods and a password or key.
2. Access Control: It defines the rules and procedures to limit who can access the system and resources. The users need to produce their credentials to access the system. The credentials can be in any form ranging from id card to biometric information. The non-transferable credentials are the most secure ones.
3. Authentication: It is the confirmation process of the user's credentials to provide access to the system and resources. Authentication can be done using passwords or fingerprints etc.
4. Authorization: It is used to determine whether the user is allowed to access a particular level or not and based on that, the user is granted or refused access. This process is preceded by Authentication. The authorization is checked only for authenticated users.
5. Physical Security: It describes the methods designed to handle the physical threats to the system like theft, vandalism, fire, etc. It keeps the system robust during hardware failures as well.

Integrity

Integrity refers to ensuring that the data is in its original form and not altered during the transmission and reaches the end-user in its correct condition. It provides safeguards from the modification of data by unauthorized users and determines that the source of information is legit. Some methods to ensure integrity are discussed below:

• Back up the data and resources to ensure that data is safe during system failures.
• Set up a version control system to store the logs so that any modifications in the system can be tracked and analyzed whenever needed.
• Use the access control system to avoid any unauthorized modification of the data.
• Make sure that no user can accidentally or intentionally tamper the company data.

Now, we will discuss some tools to maintain the system's integrity.

1. Backups: It is a duplicate archive of the original data and is done periodically to ensure that the data is safe even in case of loss of the actual information or if the files are destroyed. It copies the original data and stores it for emergencies or statistical or historical uses.
2. Checksums: It is a numerical value that is mapped to the contents of the files. This numerical value is then compared, before and after the transmission, to ensure that the data stays the same on both sides. It is designed so that even a tiny change in the file's contents will change its numerical value and determine any data changes.
3. Data Correcting Codes: It is a method to handle the errors during a failed or corrupted data transfer. It automatically corrects any changes that happen in the data during transmission.

Availability

It helps deliver the data as and when authorized users require it without errors like denial of service. The data needs to be constantly available for access. It is the guarantee of the reliability of the data. Let's consider the case of banks where users frequently access their account information and do transactions. If that bank's system gets crashed, the users will not be able to do necessary transactions like paying hospital bills, etc. So it becomes imperative that the data remains constantly available to the users. Some methods used to ensure the availability of the system are discussed below.

• Maintain backup servers which can be used in case of system failures.
• Install firewalls to ensure that the system doesn't get compromised.
• Backups should be placed in geographically isolated places to avoid damages due to any disaster in a particular location.

The tools required to maintain availability are given below:

1. Physical protection refers to safeguarding information to avoid theft or fire, etc. It ensures that the data is housed in a safe place.
2. Computational redundancies: It makes the system tolerant to unwanted modifications or accidental faults. It protects the storage devices that contain data by making a fallback system in case of failures.