Cybersecurity: From Basics to
Advanced Concepts for IT Higher
Education Students
Chapter 2: Fundamentals of Information
Security
2.1 CIA Triad: Confidentiality, Integrity, and Availability
The CIA triad forms the core principles of information security:
Confidentiality: Ensuring that information is accessible only to those authorized to have
access.
Integrity: Maintaining and assuring the accuracy and completeness of data over its entire
lifecycle.
Availability: Ensuring that information is accessible to authorized users when needed.
These principles guide the development of security policies and measures in organizations.
2.2 Information Security Principles
Key principles that support the CIA triad include:
Least Privilege: Users should only have the minimum levels of access necessary to
perform their jobs.
Defense in Depth: Implementing multiple layers of security controls to protect assets.
Separation of Duties: Dividing critical functions among different individuals to prevent
fraud and errors.
Non-repudiation: Ensuring that a party cannot deny the authenticity of their signature on
a document or the sending of a message that they originated.
2.3 Types of Cyber Threats
Common cyber threats include:
Malware: Viruses, worms, trojans, ransomware, and spyware
Cybersecurity: From Basics to Advanced Concepts for IT Higher Education Students 1
Advanced Concepts for IT Higher
Education Students
Chapter 2: Fundamentals of Information
Security
2.1 CIA Triad: Confidentiality, Integrity, and Availability
The CIA triad forms the core principles of information security:
Confidentiality: Ensuring that information is accessible only to those authorized to have
access.
Integrity: Maintaining and assuring the accuracy and completeness of data over its entire
lifecycle.
Availability: Ensuring that information is accessible to authorized users when needed.
These principles guide the development of security policies and measures in organizations.
2.2 Information Security Principles
Key principles that support the CIA triad include:
Least Privilege: Users should only have the minimum levels of access necessary to
perform their jobs.
Defense in Depth: Implementing multiple layers of security controls to protect assets.
Separation of Duties: Dividing critical functions among different individuals to prevent
fraud and errors.
Non-repudiation: Ensuring that a party cannot deny the authenticity of their signature on
a document or the sending of a message that they originated.
2.3 Types of Cyber Threats
Common cyber threats include:
Malware: Viruses, worms, trojans, ransomware, and spyware
Cybersecurity: From Basics to Advanced Concepts for IT Higher Education Students 1
