1
00:00:00,640 --> 00:00:02,630
The CIA triad.

2
00:00:02,630 --> 00:00:05,430
There are three components that lay the foundation

3
00:00:05,430 --> 00:00:08,640
for most of what we're going to cover inside this course.

4
00:00:08,640 --> 00:00:11,360
We call this the CIA triad.

5
00:00:11,360 --> 00:00:14,890
Those three components are confidentiality, integrity,

6
00:00:14,890 --> 00:00:18,160
and availability, and when we have all three of those,

7
00:00:18,160 --> 00:00:20,490
it means that our data and our information

8
00:00:20,490 --> 00:00:22,260
has good security.

9
00:00:22,260 --> 00:00:25,680
But if I lose one of those, that becomes a vulnerability,

10
00:00:25,680 --> 00:00:27,690
and an attacker could exploit it.

11
00:00:27,690 --> 00:00:31,170
Now, let's look at each of those inside of this lesson.

12
00:00:31,170 --> 00:00:33,450
The first is confidentiality.

13
00:00:33,450 --> 00:00:35,930
Confidentiality ensures that the information

14
00:00:35,930 --> 00:00:38,960
has not been disclosed to unauthorized people.

15
00:00:38,960 --> 00:00:40,550
Let's pretend that you had a document,

16
00:00:40,550 --> 00:00:42,530
and you wanted to make sure that nobody could read it

17
00:00:42,530 --> 00:00:43,870
except for you.

18
00:00:43,870 --> 00:00:45,570
How are you going to protect it?

19
00:00:45,570 --> 00:00:46,870
Well, in the physical world,

20
00:00:46,870 --> 00:00:50,190
you'd take it and put it in an envelope, seal the envelope,

21
00:00:50,190 --> 00:00:51,600
put it in your filing cabinet,

22
00:00:51,600 --> 00:00:53,760
and lock the filing cabinet with a key.

23
00:00:53,760 --> 00:00:56,350
That would ensure that only somebody who had the key

24
00:00:56,350 --> 00:00:57,790
could read that file.

25
00:00:57,790 --> 00:01:00,240
This is going to give you good confidentiality.

26
00:01:00,240 --> 00:01:01,590
Now, in the digital world,

27
00:01:01,590 --> 00:01:03,370
we wouldn't do it with a physical key.

28
00:01:03,370 --> 00:01:06,450
Instead, we would use things like a public or a private key,

29
00:01:06,450 --> 00:01:07,930
and encryption algorithms,

30
00:01:07,930 --> 00:01:09,170
and we're going to discuss both of those

31
00:01:09,170 --> 00:01:11,110
later on in this course.

32
00:01:11,110 --> 00:01:12,120
So in this course,

33
00:01:12,120 --> 00:01:14,720
what I want you to remember is any time you hear encryption,

34
00:01:14,720 --> 00:01:17,600
you should automatically be thinking confidentiality,

35
00:01:17,600 --> 00:01:19,270
because if you're using encryption,

36
00:01:19,270 --> 00:01:21,600
you're making sure the file or the system

37
00:01:21,600 --> 00:01:23,980
has good confidentiality.

38
00:01:23,980 --> 00:01:25,940
Let's put this another way.

39
00:01:25,940 --> 00:01:28,090
Let's say you wanted to look at your bank balance,

40
00:01:28,090 --> 00:01:29,700
but you wanted to make sure that only you

41
00:01:29,700 --> 00:01:31,360
could look at that bank balance.

42
00:01:31,360 --> 00:01:32,620
How could you do that?

43
00:01:32,620 --> 00:01:34,580
Well, you might use a password,

44
00:01:34,580 --> 00:01:37,210
and that password would authenticate you to the server

45
00:01:37,210 --> 00:01:40,320
to allow only you to be able to see your bank balance.

46
00:01:40,320 --> 00:01:41,470
Now, you could go in

47
00:01:41,470 --> 00:01:43,970
and you could change that balance as much as you wanted,

48
00:01:43,970 --> 00:01:46,230
but only you are allowed to view it.

49
00:01:46,230 --> 00:01:48,410
That still maintains confidentiality,

50
00:01:48,410 --> 00:01:52,220
but it does bring us to another problem, which is integrity.

51
00:01:52,220 --> 00:01:54,540
Integrity means that we're focused on ensuring

52
00:01:54,540 --> 00:01:57,710
that the information has not been modified or altered

53
00:01:57,710 --> 00:01:59,720
without proper authorization.

54
00:01:59,720 --> 00:02:01,900
So let's go back to the example I just gave you

55
00:02:01,900 --> 00:02:03,500
of looking at your bank balance.

56
00:02:03,500 --> 00:02:05,510
If you're able to sign into your bank account,

57
00:02:05,510 --> 00:02:06,800
see that balance,

58
00:02:06,800 --> 00:02:08,270
that means that you've already passed

59
00:02:08,270 --> 00:02:09,870
the confidentiality test.

60
00:02:09,870 --> 00:02:12,530
If you have the right key, or in this case, your password,

61
00:02:12,530 --> 00:02:13,600
you could do that,

62
00:02:13,600 --> 00:02:16,790
but you can't go in and go change your bank balance.

63
00:02:16,790 --> 00:02:19,620
If you could, that would be a breach of integrity,

64
00:02:19,620 --> 00:02:21,910
because data was being modified by you

65
00:02:21,910 --> 00:02:23,580
and you're not supposed to have the ability

66
00:02:23,580 --> 00:02:25,670
to modify your bank balance.

67
00:02:25,670 --> 00:02:28,800
Only the bank has the authorization to do that.

68
00:02:28,800 --> 00:02:30,560
Let's look at it a different way.

69
00:02:30,560 --> 00:02:33,120
Let's say that you had $10,000 in your checking account,

70
00:02:33,120 --> 00:02:35,820
and a bank teller decided to change that without permission

71
00:02:35,820 --> 00:02:37,500
and she made it $10.

72
00:02:37,500 --> 00:02:39,970
You would be pretty upset with that breach of integrity,

73
00:02:39,970 --> 00:02:40,803
wouldn't you?

74
00:02:40,803 --> 00:02:42,040
I know I would.

75
00:02:42,040 --> 00:02:43,720
This is what we're talking about with integrity.

76
00:02:43,720 --> 00:02:47,050
We want to make sure the value that's there stays there

77
00:02:47,050 --> 00:02:49,650
unless it's changed by an authorized person.

78
00:02:49,650 --> 00:02:51,020
When we talk about integrity,

79
00:02:51,020 --> 00:02:53,370
the thing that's going to come up time and time again

80
00:02:53,370 --> 00:02:55,280
is a thing called hashes,

81
00:02:55,280 --> 00:02:56,480
and we'll talk about hashes

82
00:02:56,480 --> 00:02:58,110
when we get into the cryptography lesson

83
00:02:58,110 --> 00:02:59,960
later on in this course.

84
00:02:59,960 --> 00:03:02,580
The third component we have is availability.

85
00:03:02,580 --> 00:03:04,640
Availability is focused on ensuring

86
00:03:04,640 --> 00:03:07,840
that the information is able to be accessed, stored,

87
00:03:07,840 --> 00:03:09,940
or protected at all times.

88
00:03:09,940 --> 00:03:11,780
So going back to our bank example,

89
00:03:11,780 --> 00:03:13,600
if I wanted to go to my bank right now

90
00:03:13,600 --> 00:03:16,260
and go to their website and look at my bank balance,

91
00:03:16,260 --> 00:03:18,540
I had to have the right key, my password,

92
00:03:18,540 --> 00:03:20,530
to ensure I had good confidentiality,

93
00:03:20,530 --> 00:03:21,540
and when I get there,

94
00:03:21,540 --> 00:03:23,620
the data value should not have changed,

95
00:03:23,620 --> 00:03:25,600
that says that I still have $10 in my account

96
00:03:25,600 --> 00:03:26,810
that I had yesterday.

97
00:03:26,810 --> 00:03:28,250
That's good integrity.

98
00:03:28,250 --> 00:03:30,390
But what happens if I go to bank.com

99
00:03:30,390 --> 00:03:32,790
and I get a webpage that's not available?

100
00:03:32,790 --> 00:03:34,990
Well, that means I've lost availability.

101
00:03:34,990 --> 00:03:36,220
I can't access the data.

102
00:03:36,220 --> 00:03:38,680
I don't know how much is in my checking account, and so,

103
00:03:38,680 --> 00:03:41,550
while maybe maintaining confidentiality and integrity,

104
00:03:41,550 --> 00:03:43,200
if there's zero availability,

105
00:03:43,200 --> 00:03:46,440
it becomes no use to me as a consumer,

106
00:03:46,440 --> 00:03:48,910
and that's why these three things are very important

107
00:03:48,910 --> 00:03:51,740
as they work together to provide us with usable systems

108
00:03:51,740 --> 00:03:54,803
that have confidentiality, integrity, and availability.