Video Transcript: Goals of Information Security
Hello friends, welcome to Tek Jargon. My name is tender galzy, so today we'll learn a new term related to technology. So without wasting any time, let's get started.

In today's video, we'll talk about the goals of information security. So let's see what terms we'll be talking about, or what exactly are the goals of information security. So we'll talk about the CIA triad. We'll talk about confidentiality, integrity, availability. So these are a few terms related to the goals of information security.

So what exactly is the CIA triad? CIA, as we often hear, commonly refers to the Central Intelligence Agency. But in today's video, we are not talking about the CIA of the US; we'll be talking about the CIA related to information security. So CIA basically is the foundation, or the guiding security model, for implementation of security policies. If you have gone through the last video, we had talked about information security as a framework. So we know that when we want to implement information security, there should be a framework that can help us implement the best practices and security controls in an organization or anywhere where information needs to be secured. So the CIA triad is that foundation or the guiding model which helps in implementing the security or implementing the information security policies.

Now CIA basically refers to confidentiality, integrity and availability. C stands for confidentiality, I for integrity and A for availability. So this is nowhere related to the Central Intelligence Agency CIA. As you can see, these are the three components that complete the information security framework. Any one component you remove, the information security framework would be incomplete. Okay? There would be something missing then. So each of the components is equally important when we are designing an information security framework. So let's understand these terms one by one.

So what exactly is confidentiality?
In terms of information security, confidentiality is something that ensures only authorized users have access to critical information and prevents access to unauthorized users. That means, if we have some information which is critical, and if we have ensured that confidentiality is in place, then only the authorized users would be having access to that particular information, and it will also prevent the access to unauthorized users. So any control, any security measure, any best practices we have implemented that ensure confidentiality would automatically ensure that the information is secure from unauthorized access.

Confidentiality also says that things will work on a need-to-know basis, so any information that we have will be available only on a need-to-know basis; only those authorized to know the content should be given access. That is how confidentiality helps us secure the information. You need something, and only when you need it will you be having the access to the information.

Confidentiality is implemented using various security mechanisms like access control lists, usernames, passwords and encryption. Now, access control lists, we will be talking about that in the upcoming videos, but in simple terms, it means that we are defining a list of access controls. Who should have access and what kind of access is to be given to that particular user is defined through the access control list. Usernames and passwords we are already aware of. So any account you have online or on the computer, if you want to secure it from anyone else accessing it, you generally configure a username and password, a password which is known only to you, so that no one else can access your information. And encryption is, again, another mechanism through which confidentiality can be implemented. Encryption helps in converting clear data, clear text, into some unreadable format, so that only the person who has encrypted would be able to read it back in the clear form. Okay. Now again, encryption and access control lists, we will be discussing these in the upcoming videos, so if the things are not yet clear, just wait for the upcoming videos and it will be more clear. Okay. But in short, confidentiality is achieved through these security mechanisms.

What is integrity? Now, integrity is something that ensures that information or the data is prevented from getting tampered with, modified or altered without proper authorization. So that means, if there is some critical information, it should not be tampered with. No one should be able to modify or make changes to the information without having proper authorization. Only the person who has the authorization, only the user who is authorized to modify data, should be able to modify the data, and this is ensured through integrity. Any data sent by a sender to a receiver should be received in its original form without any alteration or tampering. So if I am sending a mail to some other user, the receiver on the other side should receive the same mail as sent by the sender. It should not be the case that I have sent a mail with some content, but on the receiving side, by the time the receiver receives it, the content of the mail has already been changed. That could be a problem. So integrity ensures that the data which is being sent by the sender to the receiver is not tampered with.
Now, how is integrity achieved? It can be achieved or implemented using security mechanisms like hashing and encryption. Encryption we talked about in the previous topic also, confidentiality. The same encryption can also help in achieving integrity of data, and other mechanisms like hashing. Now hashing is again a kind of encryption, so once we are able to encrypt the data, convert the data into a non-readable format, any other user, apart from the actual receiver, would not be able to read it, and hence not able to modify it.

The next term of the CIA triad is availability. Availability ensures the information or data is accessible to authorized users in a timely manner. We learned that confidentiality ensures that the information is accessible only to the authorized users, but it should be available in a timely manner. So when I need it, it should be accessible to me, and that is achieved through the availability concept. Availability also ensures that the data is always available. It should not be the case that there is a specific time frame when the data is accessible. No, if the data is present, then all the authorized users should be able to access it as and when needed, on a need-to-know basis. The backup of critical data and less downtime during upgrades, along with reliable hardware, help in maintaining availability of data.
So how is availability achieved? It is achieved by ensuring that we have a backup of critical information. So for any data, any information that is critical to the organization or to the user, there should be proper backups of that particular data. There should not be only a single copy. And also, if there are any updates being done, or there are any upgrades happening on the organization level, on the infrastructure level, basically, let's say your computer is installing some updates, so it should ensure that the update happens in as little time as possible, so that there is the least possible downtime. Because if there is a downtime, that means the data is not available for that particular time period. So the lesser the downtime during those updates, the more availability of data is maintained. Also, the hardware should be reliable. So if your data is more critical, the more reliable hardware you should be using for creating backups of data. So if you're talking in terms of an organization, the computers, the servers which are being used, should be of reliable resources, not just anything.

So what are the security controls for ensuring availability? Controls like redundant systems, systems which have the least possible downtime, and data backups and data recovery plans. So if an organization has these security controls, then the data can be available as and when needed. It ensures that the availability of data is maintained.

So in short, confidentiality helps in keeping secrets safe. So if we have some data which needs to be secured, confidentiality will help in ensuring the safety of that data, or ensuring that it is safe. Integrity ensures that the data is accurate. That means there are no changes made to the data. So this factor would be achieved through integrity. And availability, we can say that resilience improves the availability. So whatever infrastructure we are using for storing the information, it should be resilient.
The more resilient the hardware or the process of maintaining the data, the less would be the chance of any mishappenings. So more resilience will improve the availability.

So if we want to understand this, the three pillars of the CIA triad, or the three components of the CIA triad, let's consider the example of a bank ATM. Now everyone has used a bank ATM, and it helps the user to access the bank balance and other information, and also through the ATM we can access the cash. The ATM is an example that covers all three principles of the CIA triad. Now, how is it achieved? Let's understand.

The ATM provides confidentiality by ensuring that you have a two-factor authentication method, like your PIN and also the physical card, so you can interact with the ATM only when you have your debit card or your ATM card along with the PIN. So not just the ATM card or not just the PIN would be useful if you want to interact with the ATM. You can do that only if you have both of the authentication factors. So in this way, the ATM provides the confidentiality factor. Once you provide both the authentication methods, your confidentiality is checked and then you are able to access the ATM.

When you talk about integrity, how does the ATM enforce integrity? Let's understand. So any transfers or withdrawals that you make via the ATM are reflected in your account in a correct manner. So that means if you are making a transaction using the ATM, the same is reflected in your account statement in the correct manner. It's not modified. It's not tampered with. In that way, the ATM ensures the integrity of the transactions.

The ATM also provides the availability factor, because it is in a public place and is accessible even when the bank is closed. So even if you need some cash at midnight, you can get that through the ATM. So the banks have a limited time frame of working, but the ATMs are 24 by seven, so that ensures the availability factor. So we see that the ATM is one of the examples wherein confidentiality, integrity and availability, all three, are implemented.

Now, for different organizations or different users, the importance of one of the factors can be more as compared to the other factors of the CIA triad. So if an organization has some proprietary information, then confidentiality is more important as compared to integrity or availability. So for any organization, the more confidential the information is, or the more proprietary information it has, the more stress would be given on the confidentiality factor as compared to integrity and availability. Now this doesn't mean that the integrity and availability factors do not exist. They do exist, but the only point is that the confidentiality factor would have more importance for the organization.

In other cases, like if you take the example of banks, for the banks, integrity of the data is more important. So whatever transactions are being made in the bank, whether online or offline, the integrity of that transaction should be maintained properly. So the integrity factor has more importance as compared to availability or confidentiality. So integrity has the first priority. Then comes confidentiality, and then we have the availability factor, because we know that the bank works in a limited time frame. It opens in the morning, it closes by the evening.
So availability is not the factor for them. The more important factor for the banks would be integrity or confidentiality of the information. So likewise, for every other organization, depending on what kind of information they are having, what information they are trying to secure, one of the factors would have more priority as compared to the other factors. But overall, wherever there is information security, all these three factors would come into the picture automatically, and each of the factors would be important.

So in today's video, we discussed the CIA triad, wherein we talked about the three components of CIA, that is, confidentiality, integrity and availability. These are the three important principles of the information security model.

Like, if you enjoyed watching the video, do like and share the video, and don't forget to subscribe and press the bell icon to receive updates about the upcoming videos. And in case of any feedback or any comments, you can drop a mail at Tekargon.tj@gmail.com. So that's all for this video. Take care and bye-bye.