Assignment 1.1

CIA Triad in Cybersecurity

The CIA Triad is super important in cybersecurity. It stands for Confidentiality, Integrity, and Availability.

Confidentiality

Confidentiality means keeping things secret: no unauthorized access. Imagine your personal info, like your passwords or bank details, getting into the wrong hands. That's a breach of confidentiality. Companies use things like passwords and encryption to keep your data safe.

Few Methods to Breach Confidentiality:

  • Social Engineering
  • Password cracking
  • Phishing scams
  • Malware attacks
  • Unsecured networks and systems
  • Insider threat

Tools Available to Achieve Confidentiality:

  • VeraCrypt
  • TrueCrypt
  • GnuPG
  • xCrypt
  • CipherShed
  • BitLocker

Integrity

Integrity means keeping data accurate and unchanged. Imagine someone changing your grades in a school system—that would mess up data integrity. To protect it, organizations use methods to ensure data hasn't been changed without permission.

Few Methods to Breach Integrity:

  • SQL injection
  • Malware attacks
  • Man-in-the-middle attacks
  • Data tampering

Tools Available to Achieve Integrity:

  • HashCheck
  • FastSum
  • md5sum
  • sha1sum
  • SFVChecker
  • QuickSFV

~In short: Check the hash value. On the sender's side, we calculate the hash. If the hash matches at the receiving end, it means nothing was changed. Otherwise, if it doesn't match, it indicates that the data may have been altered during transmission.
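
The sender/receiver hash check described above, as an added example (not part of the original assignment): the sender writes one line in the `<digest>  <filename>` layout that md5sum and sha1sum produce, and the receiver recomputes the digest and compares. SHA-256, the file name `grades.csv` and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="sha256", chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def make_checksum_line(path, algo="sha256"):
    """Sender side: '<hex digest>  <name>', the layout md5sum/sha1sum print."""
    return f"{file_digest(path, algo)}  {os.path.basename(path)}"

def verify_checksum_line(line, directory, algo="sha256"):
    """Receiver side: recompute the digest and compare with the sender's value."""
    expected, name = line.strip().split(None, 1)
    name = name.lstrip("*")  # '*' marks binary mode in md5sum-style output
    if os.path.basename(name) != name:
        # Refuse names with directories so a crafted line cannot point elsewhere.
        raise ValueError("checksum line must name a plain file, not a path")
    actual = file_digest(os.path.join(directory, name), algo)
    return hmac.compare_digest(actual, expected.lower())

def demo():
    """Constructed sample data: a small grades file, then a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "grades.csv")
        with open(path, "wb") as f:
            f.write(b"student,grade\nalice,B\n")
        line = make_checksum_line(path)          # computed by the sender
        intact = verify_checksum_line(line, d)   # unchanged file: match
        with open(path, "wb") as f:
            f.write(b"student,grade\nalice,A\n")  # one byte altered
        tampered = verify_checksum_line(line, d)  # altered file: mismatch
        return intact, tampered

if __name__ == "__main__":
    print(demo())
```

The check only proves integrity if the checksum line reaches the receiver over a channel the attacker cannot modify; someone who can change both the file and the hash can make them match again.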


Availability

Availability means making sure the data is accessible when needed. Imagine not being able to access your online bank account because the site is down. That's an availability issue. Companies ensure availability by having backups and strong security measures to prevent attacks that can take systems down.

Few Methods to Breach Availability:

  • DDoS attack
  • Malware attack
  • Power outages or failures
  • Natural disasters
  • Human error or system failures

Tools Available to Achieve Availability:

  • Firewalls
  • IDS/IPS
  • Regular backups
  • Cloud-based solutions

~In short: Data is available 24/7.


Tools available to do Network Monitoring:

  • Wireshark
  • tcpdump
  • Netcat
  • ngrep
  • Microsoft Network Monitor
  • Fiddler