Information Security Triad
Information Security is based on three main factors (Also Called Information Security Triad). Confidentiality, Integrity and Availability, these are abbreviated as CIA. In this section of this tutorial, we’ll take a look at Information security triad to help you understand the aspects of Information security triad.
Confidentiality: Assures that data is secured and only authorized people will have access to the data. Confidentiality of data prevents unauthorized read access to data. Data Confidentiality assures that the data will not be disclosed to unauthorized people.
Integrity: If data integrity is maintained, the data will not be modifies by unauthorized people. This prevents unauthorized write access to data.
Availability: Ensures information is available when needed. The Availability assures that the network and data will be available to authorized personnel.
What is AAA?
(Identity)Authentication, Authorization, Accountability.
Identity: Someone who you are claiming to be. When you enter your username in the logon field, you are claiming your IDENTITY. There is no guarantee that the person who is claiming an identity; is the real person.
Authentication: The password that we enter in the logon field is an example of Authentication. like Identity; there is no guarantee that the person who is entering the password, is the real owner of the account. Except some biometric authentication methods are being used.
Authorization: Also called permissions. The level of the permission the user will gain after they are authenticated is called Authorization.
Accountability: The procedure and the facts that can hold the user accountable for what they do with the data network. Accountability becomes feasible via tools like logging and monitoring.
Types of authentication:
- Password Authentication
- Two-Factor authentication (2FA)
- Token Authentication
- Biometric Authentication
- Transaction Authentication
- Computer Recognition Authentication
- CAPTCHA
- Single Sign-on (SSO)
- Password Picture