
Unit 1-D

The document discusses the CIA triad, which consists of Confidentiality, Integrity, and Availability, as essential components of information security. It also highlights the importance of Critical Infrastructure Security (CIS) in protecting vital systems and networks, with examples of cyber attacks on various sectors such as energy, dams, and transportation. The document emphasizes the need for organizations to implement security measures to safeguard against potential threats.

Uploaded by Richa Agarwal

Unit 1-D

Cyber Security

CIA Triad

• Confidentiality, Integrity, and Availability.
• These are the three core components of the CIA triad.
• The CIA triad is an information security model meant to guide an organization’s security procedures and policies.

The CIA triad has three components:

• Confidentiality: Confidentiality has to do with keeping an organization’s data private. This often means that only authorized users and processes should be able to access or modify data.
• Integrity: Integrity means that data can be trusted. It should be maintained in a correct state, kept so that it may not be tampered with, and should be correct, authentic, and reliable.
• Availability: Data should be available to authorized users whenever they require it. This means keeping systems, networks, and devices up and running.
• DDoS (Distributed Denial of Service) attacks, for example, rely on limited availability. For this reason, creating a DDoS response plan and building redundancy into your systems is a way of ensuring availability.

E-Commerce Site: Case Study

• Confidentiality: When you log in, you’re asked for a password. If it’s been a while since your last log-in, you may be asked to input a code that’s been sent to you or some other form of two-factor authentication.
• Integrity: Data integrity is provided by making sure your purchases are reflected in your account and allowing you to contact a representative if there’s a discrepancy.
• Availability: You can log into your account whenever you want, and you may even be able to contact customer support at any time of the day or night.

Critical Infrastructure Security (CIS)

• Critical infrastructure security is the area of protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.
• In the United States, the Department of Homeland Security (DHS) has identified 16 sectors involving critical infrastructure, including energy, communications, transportation, financial services, food and agriculture.

Some Examples of CIS

• The Energy Services Sector: A cyber attack in 2015 took out the energy grid in Ukraine for more than 225,000 people by using spear phishing emails. According to United States government officials, none of the industrial power grids can be connected to the Internet, in order to prevent cyber-attacks from occurring.
• The Dams Sector: In 2016, an Iranian nation state committed a cyber-attack against the United States at the Rye Brook Dam in New York. The hackers accessed industrial control systems within the dam but were fortunately unable to release the water behind the dam due to scheduled maintenance. However, this could have been a disaster waiting to happen with just a few clicks.
• The Water and Wastewater Systems Sector: In 2016, hackers took control of a US water authority company’s cellular routers for an extended period. They were able to rack up a big bill in usage, from roughly $300 per month to $45,000 in December and $53,000 in January.
• The Transportation Systems Sector: Most recently, the San Francisco light rail system became infected with malware, which took its systems offline.
