1 General Security Concepts
1.1 The CIA Triad
CIA:
Confidentiality (who can see the data)
Preventing unauthorized access.
Integrity
Safeguarding against improper modification or even destruction of information. It is the property that data or information has not been altered or damaged in an unauthorized way.
Availability (can this data be used)
Ensure authorized users can access the system and data in a timely and reliable manner.
Example: Ensure the website continues to function normally even when under attack.
1.2 Non-repudiation
Non-repudiation is the property of agreeing to adhere to an obligation, and not repudiating that at some further date and time. More specifically, it is the inability to refute responsibility.
For example, if you take a pen and sign a legal document, your signature is a non-repudiation device.
With non-repudiation, a sender who goes to an online banking site or an online brokerage firm, for example, cannot say, “I did not send that transfer”, because their private key was used to sign the cryptographic hash of the transaction.
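The signing step described above, as an added example that is not part of the original notes. It goes slightly beyond the text by contrasting the signature with a shared-key HMAC, which protects integrity but cannot show which party produced it. The key is a constructed toy textbook-RSA key (no padding), and the transaction strings and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy key built from two known Mersenne primes. Textbook RSA with
# no padding, for illustration; real systems use a vetted library (RSA-PSS, Ed25519).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: anyone may hold it
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: held only by the customer


def digest(transaction: bytes) -> int:
    """SHA-256 hash of the transaction as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(transaction).digest(), "big")


def sign(transaction: bytes, private_exponent: int) -> int:
    """Customer side: sign the hash of the transaction with the private key."""
    return pow(digest(transaction), private_exponent, N)


def verify(transaction: bytes, signature: int) -> bool:
    """Bank or any third party: check the signature using the public key only."""
    return pow(signature, E, N) == digest(transaction)


def mac(transaction: bytes, shared_key: bytes) -> bytes:
    """HMAC tag: the customer and the bank both hold shared_key."""
    return hmac.new(shared_key, transaction, hashlib.sha256).digest()


def demo() -> dict:
    transfer = b"from=alice;to=bob;amount=500.00;nonce=0001"   # constructed sample
    tampered = b"from=alice;to=bob;amount=900.00;nonce=0001"   # constructed sample
    signature = sign(transfer, D)
    shared = b"constructed-shared-secret"
    customer_tag = mac(transfer, shared)   # computed by the customer
    bank_tag = mac(transfer, shared)       # computed by the bank with its own copy
    return {
        "signature_valid": verify(transfer, signature),
        "tampered_rejected": not verify(tampered, signature),
        # Someone without D who guesses an exponent does not get a valid signature.
        "forged_rejected": not verify(transfer, sign(transfer, 12345)),
        # Both tags are identical, so a MAC cannot settle who authorised the transfer.
        "mac_identifies_sender": not hmac.compare_digest(customer_tag, bank_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Because only the customer holds `D`, a signature that verifies under the public key ties the transfer to them; the HMAC tag verifies equally well whether the customer or the bank computed it.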
1.3 Authentication, Authorization, and Accounting (AAA)