-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
76 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| --- | ||
| title: "CIA Triad" | ||
| layout: post | ||
| categories: | ||
| - cybersecurity | ||
| - tech | ||
| --- | ||
|
|
||
| ### CIA Triad | ||
| - Confidentiality, Integrity, Availability | ||
|
|
||
| #### Confidentiality | ||
| - Example: Preventing the wrong people from seeing account details, personal information, or balance. | ||
| - Protect information from unauthorized access or disclosure | ||
|
|
||
| #### Integrity | ||
| - Preventing the wrong people from changing your account details or any personal information or data. | ||
| - Maintaining the accuracy and consistency of data. | ||
|
|
||
| #### Availability | ||
| - Ensuring your money as well as access to your account remains available when it should be. | ||
| - Making sure resources are accessible when required. | ||
|
|
||
| ---- | ||
|
|
||
| ### Security Controls | ||
|
|
||
| - Measures put in place to protect information and systems from unauthorized access, modification, or disruption. | ||
|
|
||
| #### Confidentiality | ||
| - Padlocks, Encryption, Access Controls | ||
|
|
||
| #### Integrity | ||
| - Integrity Monitoring, Hashing | ||
|
|
||
| #### Availability | ||
| - Load Balancing, Clustering, Hot Sites, Backups, Redundancy | ||
|
|
||
| ---- | ||
|
|
||
| ### Advanced Persistent Threats (APTs) | ||
| - APT groups are well-funded and highly skilled organizations that engage in cyber warfare on a global scale. | ||
| - APTs are often state-sponsored and operate with a singular focus to compromise target networks. | ||
|
|
||
| ---- | ||
|
|
||
| ### Cybersecurity Risk | ||
| - Likelihood of a threat exploiting a vulnerability to cause harm to a system or organization. | ||
|
|
||
| ##### How To Deal With Risk | ||
| - Avoid | ||
| - Mitigate | ||
| - Transfer | ||
| - Accept | ||
|
|
||
| #### Threat | ||
| - A potential bad thing that could happen | ||
| - Ex. Data breach | ||
|
|
||
| #### Exploit | ||
| - A method used to take advantage of a vulnerability | ||
| - Ex. Software exploits, Ease of trespass due to no fence | ||
|
|
||
| #### Vulnerability | ||
| - A weakness in a system | ||
| - Ex. Unpatched OS, no fence no locks | ||
|
|
||
| ### Threats VS Threat Actors | ||
| - Threat: Potential event or action | ||
| - Threat Actor: individual, group, or entity that carries out a threat | ||
|
|
||
| ##### Threat Examples | ||
| - Ransomeware, Phishing, Malware, DDoS, Data Breach | ||
| ##### Threat Actors | ||
| - Hackers, APT Groups, Insiders, Criminal Groups, Competitors | ||
|
|