Fundamental Goals of Cyber Security

The majority of business operations run on the internet, exposing their data and resources to various cyber threats. Since data and system resources are the pillars upon which the organization operates, it goes without saying that a threat to these entities is a threat to the organization itself.

A threat can be anything from a minor bug in code to a complex cloud hijacking liability. Risk assessment and estimation of the cost of reconstruction help the organization stay prepared and anticipate potential losses.

Thus, knowing and formulating the goals of cybersecurity specific to every organization is crucial in protecting valuable data.

Cybersecurity is a practice formulated for the protection of sensitive information on the internet and on devices, safeguarding it from attack, destruction, or unauthorized access.

The goal of cybersecurity is to ensure a risk-free and secure environment for keeping the data, network and devices guarded against cyber threats. Let us learn more about the Goals of cybersecurity.

What are the goals of Cyber Security?

The ultimate goal of cybersecurity is to protect the information from being stolen or compromised. To achieve this we look at 3 fundamental goals of cybersecurity.

1. Protecting the Confidentiality of data

2. Preserving the Integrity of data

3. Ensuring the Availability of data to authorized users

Here are a few steps to maintain these goals:

1. Classifying the assets based on their importance and priority. The most important ones are kept secure at all times.

2. Pinning down potential threats.

3. Determining the safeguards for each threat.

4. Monitoring any breaching activities and managing data at rest and data in motion.

5. Iterative maintenance and responding to any issues involved.

6. Updating policies to handle risk, based on the previous assessments.

All of the above aspects fit into 3 significant goals known as the “CIA Triad”. So let us jump right in and get started with the CIA concepts in the section below.

What is the CIA Triad?

The CIA Triad is a security model developed to ensure the 3 goals of cybersecurity, which are Confidentiality, Integrity, and Availability of data and the network.

1. Confidentiality

Keeping the sensitive data private and accessible to only authorized users.

2. Integrity

Protecting the data from unauthorized access and ensuring its reliability, completeness and correctness.

3. Availability

Authorized users can have access to system resources and data as and when they need it.

Goals of CIA Triad

1. Confidentiality

Confidentiality in the CIA Triad means that data is accessible only to genuine, authorized users. It helps prevent disclosure to unintended parties who might exploit the privacy of the user.

Methods to ensure Confidentiality are:

  1. Encryption of raw data
  2. Using biometrics for authentication
  3. Two way or multifactor authentication

Let us say you work as a security engineer for a renowned financial firm with many competitors across the globe. An anonymous entity is trying to access the company’s trade secrets. You must make sure that the confidential information is not accessible to any unauthorized outsiders.

Hence you implement firewalls and intrusion detection systems. This is a typical example of upholding the confidentiality of your company's data.

2. Integrity

Integrity means making sure the data is unaltered during transmission and that it reaches the end user in the correct form. It maintains the consistency and reliability of data.

Methods to ensure Integrity are:
  1. Making use of user access control to restrict unauthorized modification of files.
  2. Setting up backups to restore data during any system failure.
  3. Version control systems help to identify any modification by tracing the logs.

Now, as the same security engineer at the same financial firm, you have to ensure that users are not destroying the data that the company holds.

Some users may accidentally or intentionally alter the database and corrupt the data, causing loss to the firm.

You need to ensure that backups are in place and ready to be restored during such emergencies.

You may use File Integrity Monitors (FIM) and hashing functions to make sure the data is untampered and safe.

3. Availability

The last component of the CIA Triad, Availability, helps in delivering resources as and when requested by the user, without interruptions such as Denial of Service.

Methods to ensure Availability are:
  1. Installing firewalls and proxy servers during downtime.
  2. Locating backups at geographically isolated locations.

Lastly, consider that your task this time is to ensure the website of your firm is functioning properly 24/7 without any hindrance.

Organizations that deal with financial transactions cannot afford downtime, as it causes huge losses, puts the customers’ assets at stake and reduces trust in the organization.

For such times, when the server crashes, you need a second one that takes over the services and keeps the site up and running.

Tools for Achieving CIA Goals

1. Tools for Confidentiality

a. Encryption – It is the process of transforming plain data into unreadable cipher data using an encryption key.

b. Access Control – It has rules and policies to limit access to the resources by checking the credentials of users.

c. Authentication – It is the confirmation of the user’s identity for providing access to the resources.

d. Authorisation – Verifies the user’s access level and either grants or refuses resource access.

e. Physical Security – It is required to keep the information available and improve the robustness of the system during hardware failures. It secures business-sensitive information, trade secrets, and customer information.

2. Tools for Integrity

a. Backups – These are duplicate archives of original data.

b. Checksums – A checksum is a computational function that maps the contents of the data to a numerical value, used to check whether the data is the same before and after the transaction.

c. Error-correcting codes – A method for controlling errors during unreliable data transfer over noisy channels.

3. Tools for Availability

a. Physical protection – Safeguarding the data against physical challenges like fire or theft.

b. Computational Redundancy – Makes the system fault-tolerant and protects against accidental modification.

To achieve and maintain these goals, good cybersecurity has to consider the following points:

  • A business-specific plan which establishes threats and risk.
  • Policies and procedures for execution when business is under threat.
  • Security training among employees to create awareness.
  • Set security milestones.
  • Consult an expert for advice.

Summary

To summarise, the primary goal of cybersecurity is to ensure the privacy of information, the correctness of data, and access to authorized users.

This brings us to focus on the 3 crucial aspects of security which are confidentiality, integrity, and availability of data collectively known as the CIA Triad. Addressing these three elements is the mantra to a successfully functioning business guarded against any form of cyber threat.
