core cybersecurity goals

Cybersecurity is focused on three main goals, often abbreviated as CIA:

  • Confidentiality: Ensuring that sensitive information is accessible only to those authorized to see it.
  • Integrity: Protecting information from being altered in unauthorized ways. This involves maintaining data accuracy and trustworthiness.
  • Availability: Ensuring that information and systems are available to authorized users when needed.

Deep dive in details.

1. Confidentiality

Protect sensitive information so that only authorized individuals can access it. This includes personal information, financial data, and proprietary business information.

Implementation Methods:

  • Encryption: Encrypting data makes it unreadable to unauthorized users. For example, when you shop online, your payment information is encrypted using protocols like HTTPS, ensuring only the retailer can access it.
  • Access Control: Setting up permissions and restrictions. For instance, in a company, HR staff may have access to payroll data, but general employees do not.
  • Multi-Factor Authentication (MFA): Requiring users to verify their identity with two or more steps. An online banking app may require a password and a code sent to your phone, adding extra protection.
  • Data Masking: Replacing sensitive information with symbols or random characters. This is common in customer service; agents might see “***” instead of your full credit card number.

Example: In healthcare, systems like electronic health records (EHR) use strong access controls and encryption. Only authorized medical staff can access a patient’s medical history, ensuring confidentiality.

2. Integrity

Ensure data accuracy and consistency throughout its lifecycle. This means data cannot be altered in unauthorized ways.

Implementation Methods:

  • Checksums and Hashing: Hashing algorithms like SHA-256 create a unique digital fingerprint for data. When a file is downloaded, a checksum verifies that the data has not been altered. If even one bit changes, the hash will differ, indicating possible tampering.
  • Digital Signatures: Used to verify the authenticity and integrity of data, such as software updates. A signed email from a legitimate source has a digital signature, which users can verify before trusting the content.
  • Version Control: This is crucial in software development to track changes. GitHub, for instance, allows developers to track and revert changes if something is altered unintentionally or maliciously.

Example: In financial transactions, integrity is key. Banks use checksums in transaction records and balance calculations to ensure there are no unauthorized modifications. If any discrepancy is found, it triggers an alert.

3. Availability

Ensure that information and systems are available when needed by authorized users. This is essential for businesses and critical systems.

Implementation Methods:

  • Redundancy: Having backup systems or data storage. Cloud services often replicate data across multiple locations, so if one server fails, another can take over.
  • Load Balancing: Distributing network traffic across multiple servers to prevent any single server from becoming overloaded, improving uptime and responsiveness.
  • Regular Backups: Creating backups ensures data can be quickly restored after incidents like ransomware attacks or accidental deletion.
  • Disaster Recovery Plans: Preparing a step-by-step plan for responding to disruptions (natural disasters, cyber-attacks) to minimize downtime and data loss.

Example: In online banking, high availability is essential. Banks use load balancing and backups to make sure users can access their accounts 24/7, even if one server is under maintenance or attacked.