Understanding Fundamental Security Concepts

"Computer security seeks to prevent unauthorised viewing (confidentiality) or modification (integrity) of data while preserving access (availability)."

When we think about what makes our computers valuable, it’s more than just the hardware or software, they are essential tools because they store, process, and transmit data we rely on. But what ensures this data is secure? The answer lies in three fundamental principles that underpin cybersecurity: Confidentiality, Integrity, and Availability, commonly known as the CIA Triad.

• Confidentiality focuses on restricting unauthorised access to sensitive data - Who can access your data?

• Integrity ensures that information remains accurate and unaltered - Was your data touched without your consent?

• Availability guarantees that data and systems are accessible to authorised users when needed - Is your data accessible whenever you need it?

However, as crucial as these principles are, they focus primarily on what needs to be protected. To effectively implement security and achieve the goals of the CIA Triad, we need a framework that defines how access to systems and data is managed. This is where AAA comes in.

• Authentication verifies identity - Are you who you claim you are?

• Authorisation defines what resources users can access - What actions can you take?

• Accounting tracks and logs user activities for auditing - Are your actions traceable?

• Finally, comes None-repudiation:

• Non-repudiation: This ensures that the sender of a message cannot deny sending it and the recipient cannot deny receiving it - You cannot deny what you have done.

#comptiasecurity

#infosec