Confidentiality, Integrity, and Availability
Confidentiality and Integrity: Access Control & Encryption:
Let’s dive into cybersecurity architecture, focusing on the important CIA
triad: Confidentiality, Integrity, and Availability. This triad forms the
foundation of how we protect data and systems. The video began by
reminding us of the five key security principles we learned earlier, and
emphasized avoiding one major pitfall.
Confidentiality: Keeping Information Private
Confidentiality means making sure that only authorized individuals can
access sensitive information. This depends mainly on two key
technologies: authentication and authorization.
Authentication asks: "Who are you?"
Authorization asks: "Are you allowed to do that?"
The video explained this using a simple example.
Example: Alex Tries to Access a Device
Imagine a user named Alex trying to access a device. This device could
be an IoT gadget, a database, or a server. Before he can get access, he
must go through authentication.
Authentication isn’t just about entering a password anymore. Today, we
use multi-factor authentication (MFA) for stronger security. MFA means
Alex has to prove who he is using multiple methods:
Something he knows – like a password or PIN
Something he has – like a smartphone or security token
Something he is – like a fingerprint or facial scan (biometrics)
Once Alex’s identity is confirmed, the system moves on to authorization.
As the presenter said:
"Just because I know who you are doesn't mean I know what you're
allowed to do."
This is where Role-Based Access Control (RBAC) comes in. Based on
Alex’s role in the organization, the system checks what he’s allowed to
access or do. If his role has permission for that resource, he gets access.
What if Someone Isn’t Authorized?
Now imagine someone who is not authorized trying to access the same
device. They fail the authentication step because they don’t have the
right credentials. If the system is properly set up, it denies their access
immediately.
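The two-step check described above (authenticate with multiple factors, then authorize by role, deny otherwise), as an added Python example that is not from the video. The user record, role name, permissions and the fixed code standing in for a real possession factor are constructed assumptions.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed; real systems use a random salt per user

def _digest(secret: str) -> bytes:
    # Store only a slow salted hash of each factor, never the raw secret.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

# Constructed sample data (hypothetical user, role and permissions).
USERS = {
    "alex": {
        "role": "operator",
        "factors": {
            "knowledge": _digest("correct horse"),  # something he knows
            "possession": _digest("492817"),  # something he has; fixed code stands in for a token
        },
    },
}
ROLE_PERMISSIONS = {"operator": {("thermostat", "read"), ("thermostat", "write")}}
MIN_FACTORS = 2  # MFA: at least two distinct factor categories must verify

def authenticate(user: str, presented: dict) -> bool:
    """'Who are you?' True only if enough distinct factor categories verify."""
    record = USERS.get(user)
    if record is None:
        return False
    verified = 0
    for category, value in presented.items():
        expected = record["factors"].get(category)
        # Constant-time comparison avoids leaking how much of the value matched.
        if expected is not None and hmac.compare_digest(expected, _digest(value)):
            verified += 1
    return verified >= MIN_FACTORS

def authorize(user: str, resource: str, action: str) -> bool:
    """'Are you allowed to do that?' Looked up from the user's role (RBAC)."""
    role = USERS[user]["role"]
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())

def access(user: str, presented: dict, resource: str, action: str) -> str:
    # Default deny: access is granted only when both checks pass, in this order.
    if not authenticate(user, presented):
        return "denied: authentication failed"
    if not authorize(user, resource, action):
        return "denied: role lacks permission"
    return "granted"
```

A correct password on its own is rejected here because only one factor category verifies, and an authenticated Alex is still refused any action his role does not list.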
In Summary
Confidentiality is not just one thing—it’s a layered approach. It
combines:
Strong authentication to verify identity
Precise authorization to control access based on roles
Together, these protect sensitive data from being seen by the wrong
people.
Data Integrity: Detection and Countermeasures:
Let’s talk about how we protect sensitive data, focusing specifically on
confidentiality and integrity—two key pillars of cybersecurity. The goal is
simple:
Make sure only the right people can see the data (confidentiality),
And make sure the data hasn’t been changed or tampered with
(integrity).
🔒 Access Control: Your First Line of Defence
Think of access control like a bouncer at a club: