Hello, and welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to start a three part series on the CIA Triad, the very foundation of cybersecurity. As the cybersecurity realm continues to grow and expand many thinks of the subject matter as extremely complex and they have no idea where to start. So that is what we’re going to go over today and over the subsequent two more TomCasts.
So, the CIA triad. What the heck is that and what does it mean? Ok, it isn’t some underground cult or secret code, it is simply a way to remember what the foundations of cybersecurity are. Think of a triangle first; each point of the triangle is part of the triad. The C stands for Confidentiality, the I stands for Integrity, and the A stands for Availability. This triad has nothing to do with a particular government agency that could be listening at the moment.
We are going to focus on that first letter today, the letter C. Confidentiality. Confidentiality is a security concept, again, one of the foundational ones within cybersecurity, that is about the measures or mechanisms used to protect the secrecy of information. That information can be data, can be resources, or can be physical or logical objects. The idea here is to ensure that only those that are supposed to access this information CAN access this information.
Confidentiality is about protecting unauthorized access and about preventing disclosure. Think about it for a moment. What does confidential mean to you? Private? Secret? That is precisely why the concept of confidentiality is required, to keep that private or secret information safe from outside access and outside disclosure.
Now, the rather simple explanation of confidentiality can rapidly spiral into a much more complex discussion. There are several sub-concepts involved with confidentiality that include the following:
- Sensitivity – this surrounds the overall quality of the information which, if disclosed, could cause damage or harm.
- Privacy – this surrounds information that could be personally identifiable and could, if disclosed, result in harm or disgrace.
- Secrecy – This is a more basic concept surrounding keeping something secret and preventing disclosure.
- Discretion – This dives into the will of the individual that could influence disclosure to reduce damage or harm.
- Criticality – There are multiple levels of information criticality within an organization; this concept helps convey how higher levels may require confidentiality.
- Concealment – This concept surrounds the action of hiding or distracting to prevent disclosure.
- Seclusion – This concept is about keeping information (or whatever needs to remain protected) in a remote/secondary location with strict access control.
- Isolation – This, similar to seclusion, keeps the confidential information separated away from other factors.
So, as you just heard, confidentiality can quickly dive a lot deeper into more complex subjects depending on what you are attempting to protect. But, in contrast, you can see why this is one of the foundations of cybersecurity overall.
If you are trying to start a cybersecurity career, do some research on the CIA triad and learn about the various concepts associated. If you are just wanting to learn more about what is involved within cybersecurity, that is also an excellent starting point. Take a piece at a time; the entire cybersecurity realm can quickly overwhelm even seasoned IT professionals.
If you are with an organization trying to figure out their own cyber posture, or trying to determine whether or not confidentiality was broken somehow, reach out to the folks here at GuardSight! That is one of the many topics we specialize in, and we would be more than happy to help you. Understanding the threat, understanding the cause of a data compromise, or simply understanding why these foundational concepts are important can help anyone increase their levels of security and safety.
Many thanks to the writers of the Sybex CISSP Official Study Guide, ninth edition, where a good amount of this material was pulled from. Thank you, Mr. Chapple, Mr. Stewart, and Mr. Gibson!
We here at GuardSight thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight can do for you, head on over to www.guardsight.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!