Basic Concepts of Information Assurance - PowerPoint PPT Presentation

Provided by: admi818
1
Basic Concepts of Information Assurance
2
Objective
  • To provide background on the basic concepts of
    information assurance that create a framework of
    how to protect information systems

3
Basic Security Concepts
  • The CIA triad is a widely used information
    assurance (IA) model that identifies
    confidentiality, integrity and availability as
    the fundamental security characteristics of
    information. The three characteristics of the
    idealized model are also referred to as IA
    services, goals, aims, tenets or capabilities.

http://en.wikipedia.org/wiki/CIA_triad
4
Confidentiality
  • Confidentiality is assurance of data privacy.
    Only the intended and authorized recipients
    (individuals, processes, or devices) may access
    and read the data. Disclosure to unauthorized
    entities, for example through unauthorized
    network sniffing, is a confidentiality violation.
  • Confidentiality is often provided through the use
    of cryptographic techniques.

http://en.wikipedia.org/wiki/CIA_triad
5
Integrity
  • Integrity is assurance that data has not been
    altered.
  • Data integrity is having assurance that the
    information has not been altered or corrupted in
    transmission from source to destination,
    willfully or accidentally, before it is read by
    its intended recipient.
  • Source integrity is the assurance that the sender
    of that information is who it is supposed to be.
    Source integrity may be compromised when an agent
    spoofs its identity and supplies incorrect
    information to a recipient.
  • Digital signatures and hash algorithms are
    examples of mechanisms used to provide data
    integrity.

http://en.wikipedia.org/wiki/CIA_triad
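
Added example (not part of the original slides): the difference between data integrity and source integrity, shown with Python's standard library. An HMAC with a shared key stands in for a digital signature here, because the standard library has no signature scheme; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the slides).
SHARED_KEY = b"constructed-demo-key"          # known only to sender and recipient
MESSAGE = b"transfer 100 to account 42"       # what the sender really sent
ALTERED = b"transfer 900 to account 66"       # what a spoofing agent substitutes


def sha256_digest(data: bytes) -> str:
    """Unkeyed hash: anyone who holds the data can compute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed tag: only holders of the key can compute a valid one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def digest_ok(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_digest(data), digest)


def tag_ok(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def run_checks() -> dict:
    results = {}
    # Accidental corruption: one bit flips in transit, the digest arrives intact.
    corrupted = bytes([MESSAGE[0] ^ 0x01]) + MESSAGE[1:]
    results["hash_catches_corruption"] = not digest_ok(corrupted, sha256_digest(MESSAGE))
    # Willful alteration: the altering party replaces message AND digest,
    # so the recipient's hash check passes. Data integrity alone is not enough.
    results["hash_catches_alteration"] = not digest_ok(ALTERED, sha256_digest(ALTERED))
    # With a keyed tag, the altering party lacks the key and cannot make a valid tag.
    bad_tag = hmac_tag(b"not-the-real-key", ALTERED)
    results["hmac_catches_alteration"] = not tag_ok(SHARED_KEY, ALTERED, bad_tag)
    # The genuine message with the genuine tag still verifies.
    results["hmac_accepts_genuine"] = tag_ok(SHARED_KEY, MESSAGE, hmac_tag(SHARED_KEY, MESSAGE))
    return results


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```

A bare hash only protects integrity when the digest itself reaches the recipient over a channel the altering party cannot touch; a keyed tag or a signature removes that requirement.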
6
Availability
  • Availability is confidence in timely and reliable
    access to data services by authorized users. It
    ensures that information or resources are
    available when needed. This means that the
    resources are available at a rate which is fast
    enough for the system to perform its intended
    task.
  • It is possible that confidentiality and integrity
    can be protected, but an attacker may cause
    resources to become less available than required,
    or not available at all.
  • A Denial of Service (DoS) attack is an example of
    a threat against availability.
  • Robust protocols and operating systems, redundant
    network architectures and system hardware without
    any single points of failure help to ensure
    system reliability and robustness.

http://en.wikipedia.org/wiki/CIA_triad
7
Summary
  • This section provides background on the basic
    security concepts that create a framework of how
    to protect information systems.

8
List of References
  • http://en.wikipedia.org/wiki/CIA_triad
  • http://www.sans.org/reading_room/whitepapers/policyissues/498.php
  • http://www.sharepointsecurity.com/content-130.html
  • http://media.wiley.com/product_data/excerpt/29/07645393/0764539329.pdf
  • http://securityrenaissance.com/2007/04/11/the-c-i-a-triad-e28093-weighed-and-found-wanting/
  • http://en.wikipedia.org/wiki/Parkerian_hexad

CyberPatriot wants to thank and acknowledge the
CyberWatch program which developed the original
version of these slides and who has graciously
allowed their use for training in this
competition.