Module 2: Examples & Principles of the CIA Triad


INTRODUCTION – Examples & Principles of the CIA Triad

This module explains the components of the CIA Triad, how they relate to all cybersecurity concepts and practices, and their relevance in protecting digital assets.

Learning Objectives:

  • Define authentication and accountability, with respect to cybersecurity
  • Define confidentiality, integrity, and availability (the CIA Triad) in the context of cybersecurity and discuss their critical components
  • Describe key terms and characters from the Alice and Bob cryptography scenario

FURTHER DISCUSSION OF CONFIDENTIALITY, INTEGRITY AND AVAILABILITY

1. In the Alice, Bob and Trudy examples, who is always portrayed as the intruder?

  • Alice
  • Bob
  • Natasha
  • Trudy (CORRECT)

Correct! Trudy is the intruder who sits in the middle between Alice and Bob.

2. Which aspect of the CIA Triad would cover preserving authorized restrictions on information access and disclosure?

  • Confidentiality (CORRECT)
  • Integrity
  • Availability

Correct! Access authorization ensures that only authorized parties can access the message, keeping it confidential.

3. That a message Bob receives from Alice is genuine and can be verified as such demonstrates which key property?

  • Accountability
  • Availability
  • Authenticity (CORRECT)
  • Confidentiality

Correct! Authenticity is established through two properties: the integrity and the non-repudiation of the message. Integrity means that the message has not been altered, while non-repudiation means that the sender of a message cannot deny having sent it.

PRINCIPLES OF THE CIA TRIAD

1. The unauthorized disclosure of information would violate which aspect of the CIA Triad?

  • Confidentiality (CORRECT)
  • Integrity
  • Availability
  • Authorization

2. Which aspect of the CIA Triad would cover ensuring information non-repudiation and authenticity?

  • Confidentiality
  • Integrity (CORRECT)
  • Availability
  • The time window during which data transmission is allowed for a given system.

3. If Trudy intercepts and reads a message that Alice is sending to Bob, and then she deletes it without allowing it to be delivered, which 2 aspects of the CIA Triad have been violated?

  • Availability & Integrity
  • Availability & Confidentiality (CORRECT)
  • Integrity & Confidentiality
  • Integrity & Authorization

WHAT IS AAA?

1. Which is the correct order for gaining access to a resource?

  • Identification, Authorization, Authentication, Accountability
  • Authentication Identification, Authorization, Accountability
  • Identification, Authentication, Authorization, Accountability (CORRECT)
  • Accountability, Identification, Authentication, Authorization

Correct! Going by the correct order, it is Confidentiality, Integrity, and Availability, the three limbs of the CIA Triad on which cybersecurity practices rest.

2. Which type of method would include “Something you know”, such as a password?

  • Accountability
  • Authorization
  • Authentication (CORRECT)
  • Identification

Correct! This falls under authentication: verifying the identity of the user or system so that only authorized entities can access resources.

ACCESS CONTROL

1. Which three (3) are common methods of access control?

  • Role Based Access Control (RBAC) (CORRECT)
  • Discretionary Access Control (DAC) (CORRECT)
  • Perimeter Access Control (PAC)
  • CIA Triad Access Control (CTAC)
  • Mandatory Access Control (MAC) (CORRECT)

Partially correct! In Role Based Access Control, permissions are assigned to roles, which link individuals to the access they need to perform the duties of their roles in an organization.

Partially correct! Discretionary Access Control (DAC) allows the creator of an object to assign access controls to that object, deciding who is allowed to access or modify it.

Partially correct! Mandatory Access Control (MAC) is a common form of access control that mostly uses labels to restrict access.

2. Which three (3) items would be considered Physical Access Control methods?

  • Work areas (CORRECT)
  • Perimetral (CORRECT)
  • Building (CORRECT)
  • Password policies
  • Access Control Lists (ACL)

Partially correct! Locking doors is a physical control method. Physical controls are mechanisms that prevent or control entry into a physical space, with the goal of ensuring its safety and security.

AUTHENTICATION AND ACCESS CONTROL

1. Which statement best describes Discretionary Access Control (DAC)?

  • Limits connections to computer networks, system files and data.
  • Each object (folder or file) has an owner and the owner defines the rights and privilege. (CORRECT)
  • Uses labels to regulate the access.
  • Limits access to campuses, buildings, rooms.

2. Which is an example of technical uses of physical security controls?

  • Tokens
  • Tramps
  • Lists and logs
  • All of the above. (CORRECT)

3. Which of the following is NOT an authentication method?

  • Something you are
  • Something you get (CORRECT)
  • Something you have
  • Something you know

4. Hamid has access to certain resources because he is a Quality Control Inspector and he has access to other resources because he is the manager of that team. Which form of access control is his company most likely using?

  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
  • Role Based Access Control (RBAC) (CORRECT)
  • Hierarchical Access Control (HAC)

5. Which type of method would include something you are, such as a fingerprint?

  • Authorization
  • Accountability
  • Authentication (CORRECT)
  • Identification

CONCLUSION – Examples & Principles of the CIA Triad

This module has explained the CIA Triad and its importance in cybersecurity, focusing on the principles and applications from which practitioners can build a more effective digital asset protection mechanism and strengthen their overall security posture.
