Cybersecurity Goals

Intro

The primary goal of cybersecurity is to ensure the privacy of information, the correctness of data, and access to authorized users. Although protecting sensitive information from unauthorized disclosure is one element of cybersecurity, it's not the only one. This brings us to the three crucial aspects of security: confidentiality, integrity, and availability of data, collectively known as the CIA Triad.

CIA Triad

Confidentiality : Ensures that unauthorized actors are not able to gain access to sensitive information. Preventive methods include firewalls, ACLs, and encryption.

Integrity : Ensures that there are no unauthorized modifications to information or systems. Protective measures against alteration include hashing, setting up backups to restore data after a system failure, and using user access controls to restrict unauthorized modification of files.

Availability : Ensures that information and systems are ready to be delivered when requested by legitimate users. Availability controls include fault tolerance, clustering, backups, and infrastructure redundancy.
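
To show how two of the integrity measures listed above (hashing and backups) work together, here is an added example that is not part of the original page: it records SHA-256 digests as a known-good baseline, detects altered or missing files, and restores them from a backup copy that still matches the baseline. The function names, file names and contents are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 digest of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> dict:
    """Record a known-good digest for every file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_and_restore(root: Path, backup: Path, baseline: dict) -> dict:
    """Compare files to the baseline; restore altered or missing ones from backup."""
    report = {"altered": [], "missing": [], "restored": []}
    for rel, expected in baseline.items():
        target, source = root / rel, backup / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != expected:
            report["altered"].append(rel)
        else:
            continue
        # Restore only if the backup copy itself still matches the baseline.
        if source.is_file() and sha256_file(source) == expected:
            shutil.copy2(source, target)
            report["restored"].append(rel)
    return report


def demo() -> dict:
    """Constructed sample data: one file altered, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp) / "data", Path(tmp) / "backup"
        root.mkdir()
        (root / "payroll.csv").write_text("alice,5000\n")
        (root / "policy.txt").write_text("deny all\n")
        shutil.copytree(root, backup)
        baseline = build_baseline(root)
        (root / "payroll.csv").write_text("alice,9000\n")  # unauthorized change
        (root / "policy.txt").unlink()                      # deleted file
        report = verify_and_restore(root, backup, baseline)
        report["clean_after"] = build_baseline(root) == baseline
        return report
```

The baseline and the backup are only trustworthy if they are stored where whoever can alter the data cannot also alter them.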

Since the characteristics described above are what a cybersecurity program seeks to protect, attackers seek to undermine these same characteristics and achieve three corresponding goals, known as the DAD triad.

DAD Triad

Disclosure : Seeks to gain unauthorized access to information or systems.

Alteration : Seeks to make unauthorized changes to information or systems.

Denial (of service) : Seeks to prevent legitimate users from accessing information, services or systems.