CIA Triad & Advanced Threat Analysis PDF

Summary

This document explains the CIA triad, a model used to guide policies for information security within an organization. The triad consists of three key components: confidentiality, integrity, and availability. It describes how each component safeguards data.

Full Transcript

Understanding the CIA
Triad & Advanced Threat
Analysis E P O T
R

CSU-A
 Introduction to the CIA Triad
The CIA Triad is a model designed to guide policies for
information security within an organization.
The three components are: Confidentiality, Integrity, and
Availability.
It serves as a foundational concept in the field of Information
Security.

CSU-A
 Ensures that sensitive
information is accessed
1. only by authorized
CONFIDENTIA individuals.
Methods include
LITY encryption, access
controls, and network
security measures.
Breaches of
confidentiality can lead
to data theft and loss of
CSU-A
 For example, information confidentiality is more
important than integrity or availability in the case
of proprietary information of a company. Also,
confidentiality is the most important when the
information is a record of people’s personal
activities, such as in cases involving personal and
financial information of the customers of
companies like Google, Amazon, Apple, and
Walmart. To guarantee confidentiality under the
CIA triad, communications channels must be
properly monitored and controlled to prevent
CSU-A

unauthorized access.
Further, anything that restricts access to data falls
under confidentiality. This comprises two:
a. Authentication – it allows the system to verify if
a user is who they say they are. These include
passwords and other strategies available for
establishing identity like biometrics, security
tokens, cryptographic keys and etc
b. Public – key cryptography is a wide spread
infrastructure that enforce both As: by
authenticating that you are who you say you are
via cryptographic keys, you establish your right to
CSU-A
 Ensures that information
is in a format that is true
and correct to its original
2. INTEGRITY purposes.
Maintains the accuracy
and reliability of data.
Involves protecting data
from being altered or
tampered with.
Tools used include
CSU-A
checksums, digital
signatures, and audit
For example, banks are more concerned about
the integrity of financial records, with
confidentiality having only second priority.
Some bank account holders or depositors leave
ATM receipts unchecked and hanging around
after withdrawing cash. This shows that
confidentiality does not have the highest
priority. Instead, the goal of integrity is the
most important in information security in the
banking system. To guarantee integrity under
CSU-A

the CIA triad, information must be protected
 Ensures that data and
resources are available to
authorized users when
3. needed.
AVAILABILITY Involves maintaining
hardware, performing
regular updates, and
implementing disaster
recovery plans.
Attacks on availability
CSU-A
include DDoS attacks and
system failures.
The classic example of a loss of availability to a
malicious actor is a denial-of-service attack. In
some ways, this is the most brute force act of
cyber aggression out there: you're not altering
your victim's data or sneaking a peek at
information you shouldn't have; you're just
overwhelming them with traffic so they can't
keep their website up. But DoS attacks are very
damaging, and that illustrates why availability
CSU-A

belongs in the triad
A bank ATM offers users access to bank balances and
other information. An ATM has tools that cover all
three principles of the triad:
1. It provides confidentiality by requiring two-factor
authentication (both a physical card and a PIN
code) before allowing access to data.
2. The ATM and bank software enforce data integrity
by ensuring that any transfers or withdrawals made
via the machine are reflected in the accounting for
the user's bank account.
3. The machine provides availability because it's in a
public place and is accessible 24/7 even when the
CSU-A

bank branch is closed.
A bank ATM offers users access to bank balances and
other information. An ATM has tools that cover all
three principles of the triad:
1. It provides confidentiality by requiring two-factor
authentication (both a physical card and a PIN
code) before allowing access to data.
2. The ATM and bank software enforce data integrity
by ensuring that any transfers or withdrawals made
via the machine are reflected in the accounting for
the user's bank account.
3. The machine provides availability because it's in a
public place and is accessible 24/7 even when the
CSU-A

bank branch is closed.
 THREATS TO
CONFIDENTIALITY
1. Unauthorized access- Hacking, Insider
Threat, Phishing attack
2. Data Leakage- Accidental Sharing, Poor
Disposal practice
3. Eavesdropping- Network Sniffing, Man in
the Middle (MitM) Attack.
4. Malware-
5. Weak Encryption- Inadequate Encryption
Standards
CSU-A
 THREATS TO
1. Data BreachesINTEGRITY
and Tampering- Unauthorized
Modification, Insider Threats
2. Malware and Viruses- Ransomware, Trojan
Horses.
3. Man-in-the-Middle (MitM) Attacks- Data
Interception and Alteration
4. SQL Injection- Database Compromise
5. Configuration Errors- Misconfigured Systems,
Improper Access Controls
6. Human Error- Accidental Deletion or
 THREATS TO
AVAILABILITY
1. Distributed Denial of Service (DDoS) Attacks-
Overwhelming Traffic, Botnets
2. Hardware Failures
3. Software Failures
4. Natural Disasters
5. Human Error
6. Network Issues:
7. Maintenance and Updates
 Assess the likelihood of
CONFIDEN unauthorized access (e.g., weak
passwords, lack of multi-factor
TILITY authentication).
THREAT Review access controls and audit
logs.
ANALYSIS Evaluate the use of encryption
and data masking techniques.

CSU-A 4/22
 Check for proper input validation
INTEGRITY and error-handling mechanisms.
THREAT Review database and file

ANALYSIS integrity monitoring systems.
Investigate how cryptographic
hashing and checksums are
used to detect alterations.
CSU-A 4/22
 Evaluate the resilience of
AVAILABILI systems, including backup and
TY THREAT recovery processes.
Check for redundancy in critical
ANALYSIS systems (e.g., network, power,
storage).
Analyze disaster recovery and
incident response plans.

CSU-A 4/22
 GENERAL STEPS TO
1. Identify ANALYZE
Assets: Determine THREATS
the systems, data, and
resources that need protection.
2. Assess Vulnerabilities: Identify weaknesses that could
be exploited by threats for each component of the CIA
triad.
3. Evaluate Threats: Consider potential attackers,
environmental factors, and internal risks that could
compromise confidentiality, integrity, or availability.
4. Prioritize Risks: Rank threats based on the likelihood
and potential impact on each aspect of the CIA triad.
5. Implement Controls: Apply appropriate security
measures (e.g., encryption, firewalls, monitoring tools)
 THANK YOU
meow

CSU-A 22/22
 NETWORK
AUTHENTICATION SYSTEM
E P O T
R

CSU-A
 It is a process of verifying the

Network identity of a device or user
trying to access a network.
Authenticat It typically involves
ion validating credentials such
as usernames, passwords,
certificates, or security
tokens before granting
access
CSU-A 4/22
TRANSMITION CONTROL PROTOCOL /
INTERNET PROTOCOL (TCP/IP)
It was created by the Department of Defense (DoD) to
ensure and preserve data integrity, as well as to
maintain communication of catastrophic war.

TCP/IP provides the foundation for communication
between devices on a network, but by itself, it doesn't
provide authentication. Network authentication adds
a security layer to TCP/IP-based networks, ensuring
that only authorized users or devices can access
network resources, thus protecting sensitive data and
 TCP/IP and the DoD Model
The DoD model is basically a condensed version of
(Open System Interconnection) OSI Model– it’s
composed of four instead of seven layers:
 It defines protocols for node-to-
PROCESS/ node application communication
APPLICATIO and also controls user-interface
specification.
N
Provides network services and
enables user applicationto
interact with the network

CSU-A 4/22
 Defining protocols for the setting
HOST-TO- up the level transmission
HOST services for applications.

It tackles issues such as creating
reliable end-to-end
communication and ensuring
error free delivery pf data

CSU-A 4/22
INTERNET It takes care of the addressing of
host by giving them an IP
address, and it handle the routing
packets among multiple
networks.

CSU-A 4/22
NETWORK Monitors the data exchange
ACCESS between the host and the
network.

Transmitting raw data over
physical networks

CSU-A 4/22
Applications and
services used in
IP Networks
 Is the chameleon of protocols- its
specialty is terminal emulation
TELNET It allows user on remote client
machine, called the telnet client, to
access the resources on another
machine, the telnet server
telnet offers no security or
encryption and is being replaced by
Secure Shell (SSH) when security
across the remote-configuration is
needed
CSU-A 4/22
 Is the protocol that lets you transfer
files across an IP networks.

FILE Common Uses of FTP:
Website Management: Web
TRANSFER developers often use FTP to
upload files to a web server.
PROTOCOL File Sharing: FTP is used in
businesses and organizations to
(FTP) exchange large files that are too
big for email.
Data Backup: FTP is also used
for backing up files to remote
CSU-A 4/22 servers.
 translates human-readable
domain names (like
DOMAIN www.example.com) into
machine-readable IP
NAME addresses (like 192.0.2.1).
DNS acts as the
SERVICE "phonebook" of the internet,
enabling users to access
(DNS) websites, services, and
resources without needing to
remember complex
CSU-A 4/22
numerical addresses.
SECURE Is need when you need to
transfer the file over an encrypted
FILE connection
TRANSPORT
PROTOCOL It uses an SSH session which
encrypts the connection
(SFTP)
CSU-A 4/22
SECURE Is need when you need to
transfer the file over an encrypted
FILE connection
TRANSPORT
PROTOCOL It uses an SSH session which
encrypts the connection
(SFTP)
CSU-A 4/22
Comparison to FTP and FTPS:
SFTP vs. FTP: While FTP sends data in plain
text and is insecure, SFTP encrypts both the
command and data streams, providing full
confidentiality.
SFTP vs. FTPS: FTPS (FTP Secure) adds
security to traditional FTP by using SSL/TLS
for encryption. However, FTPS still uses
multiple ports (which can be tricky with
firewalls), while SFTP uses a single port and is
generally easier to configure securely.