CIA TriadJuly 17, 2024 CIA Triad Confidentiality, Integrity, Availability Confidentiality Example: Preventing the wrong people from seeing account details, personal information, or balance. Protect information from unauthorized access or disclosure Integrity Preventing the wrong people from changing your account details or any personal information or data. Maintaining the accuracy and consistency of data. Availability Ensuring your money as well as access to your account remains available when it should be. Making sure resources are accessible when required. Security Controls Measures put in place to protect information and systems from unauthorized access, modification, or disruption. Confidentiality Padlocks, Encryption, Access Controls Integrity Integrity Monitoring, Hashing Availability Load Balancing, Clustering, Hot Sites, Backups, Redundancy Advanced Persistent Threats (APTs) APT groups are well-funded and highly skilled organizations that engage in cyber warfare on a global scale. APTs are often state-sponsored and operate with a singular focus to compromise target networks. Cybersecurity Risk Likelihood of a threat exploiting a vulnerability to cause harm to a system or organization. How To Deal With Risk Avoid Mitigate Transfer Accept Threat A potential bad thing that could happen Ex. Data breach Exploit A method used to take advantage of a vulnerability Ex. Software exploits, Ease of trespass due to no fence Vulnerability A weakness in a system Ex. Unpatched OS, no fence no locks Threats VS Threat Actors Threat: Potential event or action Threat Actor: individual, group, or entity that carries out a threat Threat Examples Ransomeware, Phishing, Malware, DDoS, Data Breach Threat Actors Hackers, APT Groups, Insiders, Criminal Groups, Competitors