1
00:00:00,570 --> 00:00:06,390
Welcome to the introduction to CIA lecture. To better define the different types of security threats and how

2
00:00:06,390 --> 00:00:10,440
to protect against them, a model called CIA has been created.

3
00:00:10,830 --> 00:00:13,790
The CIA model is also known as the CIA triad.

4
00:00:14,490 --> 00:00:16,310
What does CIA stand for?

5
00:00:17,010 --> 00:00:23,670
And no, in this case, it does not stand for Central Intelligence Agency. In cybersecurity, CIA stands

6
00:00:23,670 --> 00:00:26,880
for Confidentiality, Integrity and Availability.

7
00:00:27,270 --> 00:00:30,510
In the next slides, we will go into more detail regarding each element.

8
00:00:32,280 --> 00:00:33,990
Let's start with confidentiality.

9
00:00:34,350 --> 00:00:40,620
Confidentiality is the property that information is available only to authorized individuals, entities

10
00:00:40,650 --> 00:00:41,460
or processes.

11
00:00:42,380 --> 00:00:47,420
Confidentiality basically refers to protecting information from being accessed by unauthorized parties.

12
00:00:47,960 --> 00:00:51,420
A failure to maintain confidentiality is commonly known as a breach.

13
00:00:52,130 --> 00:00:55,610
Most of the time, once there is a breach, it cannot be remedied.

14
00:00:56,120 --> 00:01:01,910
For example, if private emails are leaked publicly online, we have a breach, and unauthorized parties

15
00:01:01,910 --> 00:01:04,250
have already accessed and read the information.

16
00:01:05,000 --> 00:01:10,140
We cannot do anything to make the unauthorized people unread the emails they already read.
17
00:01:11,060 --> 00:01:14,120
Let's see a few examples where confidentiality is important.

18
00:01:14,750 --> 00:01:17,570
Let's start with health and insurance. For example,

19
00:01:17,600 --> 00:01:20,240
your medical records are private and only authorized

20
00:01:20,240 --> 00:01:24,620
people should be able to access them, such as, for example, you and your doctor.

21
00:01:25,590 --> 00:01:30,660
Another domain is financial services. Your transactions and balances should be private.

22
00:01:31,080 --> 00:01:34,190
Also, you would not want your credit card to be public.

23
00:01:35,070 --> 00:01:41,220
Yet another example is messaging and social media. Your messages, emails, and social media should be

24
00:01:41,220 --> 00:01:41,570
private.

25
00:01:41,580 --> 00:01:46,490
Only you and the people that you want to share the information with should have access to that information.

26
00:01:46,950 --> 00:01:50,250
And finally, confidentiality is important in everyday use.

27
00:01:50,580 --> 00:01:56,030
Data that you store on your personal devices, such as your smartphone or laptop, is confidential.

28
00:01:56,550 --> 00:02:00,720
This data should only be accessible to you, even if your device is stolen.
29
00:02:01,930 --> 00:02:08,740
Now that we understand what confidentiality is, let's have a look at some common ways to ensure it. First,

30
00:02:08,740 --> 00:02:11,070
we can do this by encrypting sensitive files.

31
00:02:11,740 --> 00:02:14,280
For example, your hard drive should be encrypted.

32
00:02:14,290 --> 00:02:19,210
So, even in the event that your device is stolen, the data is not accessible by anyone else.

33
00:02:19,540 --> 00:02:25,870
Another example can be encrypting data stored online, such as in the cloud, so that it's only available

34
00:02:25,870 --> 00:02:27,090
to authorized parties.

35
00:02:27,580 --> 00:02:31,810
Another way to ensure confidentiality is to communicate over secure channels.

36
00:02:32,320 --> 00:02:34,670
This can apply to messaging tools, for example.

37
00:02:35,260 --> 00:02:40,390
Ideally, you should use apps like Signal or WhatsApp that provide end-to-end encryption.

38
00:02:40,810 --> 00:02:46,150
End-to-end encryption means that the message is encrypted by the sender and only the receiver can decrypt it.

40
00:02:46,480 --> 00:02:50,230
This way, the message can travel safely without the fear of eavesdropping.
41
00:02:50,800 --> 00:02:53,000
Next, we have data access management.

42
00:02:53,500 --> 00:02:57,780
This basically means providing access to the data only to authorized parties.

43
00:02:58,120 --> 00:03:04,450
For example, let's take a personal computer that has multiple users. In order to make sure that my personal

44
00:03:04,450 --> 00:03:06,560
data is not accessible to other users,

45
00:03:06,580 --> 00:03:09,810
I must give the permission to access my files only to myself.

46
00:03:09,940 --> 00:03:12,560
No other user should be able to access my files.

47
00:03:12,980 --> 00:03:17,500
Finally, in order to safeguard confidentiality, devices and documents should be secured.

48
00:03:17,860 --> 00:03:23,050
This basically translates to not leaving your device or documents unattended in a public space.

49
00:03:23,200 --> 00:03:28,690
Also, you should never, ever keep your passwords written in spaces that are accessible by others,

50
00:03:28,690 --> 00:03:30,100
such as, for example, your work desk.

51
00:03:30,110 --> 00:03:35,800
You can have the most secure passwords in the world, but if you have them written on sticky notes

52
00:03:35,800 --> 00:03:37,570
on your desk, it's all for nothing.

53
00:03:38,590 --> 00:03:43,390
Before we move on, please note that multiple methods discussed in this slide can be used at the same

54
00:03:43,390 --> 00:03:44,950
time to guarantee confidentiality.
55
00:03:46,930 --> 00:03:49,880
After confidentiality, let's discuss integrity.

56
00:03:50,320 --> 00:03:53,500
Integrity refers to ensuring the authenticity of information.

57
00:03:53,860 --> 00:03:58,720
This basically means that information is not altered and that the source of the information is genuine.

58
00:03:59,320 --> 00:03:59,800
Again,

59
00:03:59,980 --> 00:04:03,010
let's have a look at a few examples where integrity is important.

60
00:04:03,580 --> 00:04:05,290
Let's start with health and insurance.

61
00:04:06,010 --> 00:04:08,510
Think of an app that contains your medical records.

62
00:04:09,160 --> 00:04:13,590
You definitely don't want your medical records to be unreliable and have different data

63
00:04:13,600 --> 00:04:18,820
each time you open your app. You want to know that your data is correct and filled in by a trusted

64
00:04:18,820 --> 00:04:20,680
source such as, for example, your doctor.

65
00:04:21,130 --> 00:04:22,930
The next example is financial services.

66
00:04:23,170 --> 00:04:25,480
Your bank account must not be altered by anyone.
67
00:04:26,020 --> 00:04:28,180
Nobody wants to have an empty account out of the blue.

68
00:04:29,230 --> 00:04:32,200
Another domain where integrity is important is automotive.

69
00:04:33,730 --> 00:04:38,000
For example, the speedometer of the car should be trusted, so it must always be accurate.

70
00:04:38,770 --> 00:04:42,030
You don't want to get a speeding fine just because your speedometer was inaccurate.

71
00:04:43,170 --> 00:04:49,350
Yet another example can be messaging and social media. Integrity must be enforced for posts and messages

72
00:04:49,350 --> 00:04:50,090
on social media.

73
00:04:50,220 --> 00:04:54,540
Otherwise, people could impersonate you and write or change messages on your behalf.

74
00:04:55,170 --> 00:04:58,110
Last but not least, integrity is important in everyday use.

75
00:04:58,230 --> 00:05:03,360
Whenever we surf the web, for example, reading news on our favorite news site or watching some movie

76
00:05:03,360 --> 00:05:04,300
on a streaming service,

77
00:05:04,320 --> 00:05:08,610
we need to know that the news site or streaming service does not contain altered content and that the

78
00:05:08,610 --> 00:05:09,990
information is genuine.
79
00:05:10,930 --> 00:05:17,410
Now that we know what integrity is, let's see some ways it can be ensured. One way is by using checksums.

80
00:05:17,890 --> 00:05:20,890
A checksum is a value that is computed based on data.

81
00:05:21,850 --> 00:05:27,010
This value is used to detect if errors have been introduced during the transmission or storage of the

82
00:05:27,010 --> 00:05:32,560
data. For example, messenger applications can use checksums to validate whether the message received

83
00:05:32,560 --> 00:05:33,750
contains errors or not.

84
00:05:34,650 --> 00:05:41,100
Another, more powerful way to enforce integrity is to use a digital signature. A digital signature is

85
00:05:41,100 --> 00:05:47,190
a mathematical algorithm that is used to validate the authenticity and integrity of a message.

86
00:05:47,790 --> 00:05:54,000
So, for example, each message that is being sent in a messenger can be digitally signed, guaranteeing

87
00:05:54,000 --> 00:05:58,290
that it has been sent by a specific person, and that its content is genuine.

88
00:05:59,040 --> 00:06:04,110
Next, we can use backups and redundancies to make sure that our precious information maintains integrity.

89
00:06:04,680 --> 00:06:06,840
Think of your personal data stored on your PC.

90
00:06:07,290 --> 00:06:12,080
If the storage suffers a hardware failure or the device gets stolen, all your data will be gone.
91
00:06:12,090 --> 00:06:15,450
But, if you have a backup, you can easily restore the lost data.

92
00:06:16,020 --> 00:06:19,050
Another example can be a website, such as an online forum.

93
00:06:19,560 --> 00:06:24,120
The server on which the forum is hosted can fail at some point due to a hardware failure,

94
00:06:24,120 --> 00:06:29,670
risking corrupting and/or losing the data. To protect against this, frequent backups can be done.

95
00:06:29,890 --> 00:06:35,340
Also, adding extra servers that host the online forum can help mitigate the risk of losing data.

96
00:06:36,310 --> 00:06:42,130
A version control system is a system that contains the current as well as previous versions of files,

97
00:06:42,280 --> 00:06:48,010
documents or programs, and can be used to track changes made to the aforementioned files, documents

98
00:06:48,010 --> 00:06:48,610
or programs.
99
00:06:49,730 --> 00:06:54,800
Last but not least, file permissions and access control can help ensure integrity.

100
00:06:55,620 --> 00:07:02,420
Basically, this means making sure that only parties that should modify or delete the data are able

101
00:07:02,420 --> 00:07:02,940
to do so.

102
00:07:03,560 --> 00:07:07,730
For example, let's imagine an online school schedule shared on Google Drive.

103
00:07:08,540 --> 00:07:13,640
The content of the school schedule should be accessible to everyone, both students and teachers, but

104
00:07:13,640 --> 00:07:15,380
should only be modified by the teachers.

105
00:07:15,590 --> 00:07:21,110
So, the teachers should give permission to view the file to everyone, but permission to edit only to

106
00:07:21,110 --> 00:07:23,570
the teachers. Before we move on,

107
00:07:23,810 --> 00:07:29,630
please note that multiple methods discussed in this slide can be used in conjunction to guarantee the integrity

108
00:07:29,630 --> 00:07:30,330
of information.

109
00:07:31,040 --> 00:07:33,710
Until now, we covered confidentiality and integrity.

110
00:07:34,160 --> 00:07:37,190
It's now time to have a look at the last element of the CIA triad.

111
00:07:37,490 --> 00:07:38,600
It's availability.
112
00:07:39,350 --> 00:07:44,060
Availability means that information is accessible by authorized parties whenever desired.

113
00:07:44,980 --> 00:07:50,440
This applies to all IT systems, from all the services that we use online, such as, for example,

114
00:07:50,440 --> 00:07:56,350
video streaming platforms, online banking, social media platforms, and websites in general, to the usage

115
00:07:56,350 --> 00:07:58,120
of our own laptop or smartphone.

116
00:07:58,790 --> 00:08:03,800
All these services should be available to their users whenever the users demand them.

117
00:08:04,390 --> 00:08:07,900
Let's have a look at a few ways in which we can ensure availability.

118
00:08:08,560 --> 00:08:10,140
First, we have redundancy.

119
00:08:10,660 --> 00:08:14,970
We already discussed it a bit when we looked at ways to ensure integrity.

120
00:08:15,820 --> 00:08:19,310
Similarly, redundancy could also be used to ensure availability.

121
00:08:20,230 --> 00:08:23,950
Nowadays, most services use redundancy to guarantee availability.

122
00:08:24,550 --> 00:08:30,280
For example, a streaming platform can have multiple instances deployed on separate servers so that

123
00:08:30,430 --> 00:08:32,620
if one of them goes down,

124
00:08:32,620 --> 00:08:33,490
the service is not impacted.

125
00:08:34,300 --> 00:08:40,000
For example, a streaming platform can have multiple instances deployed on separate servers,

126
00:08:40,000 --> 00:08:43,720
so, in case one of the servers goes down, the service is not impacted.

127
00:08:44,440 --> 00:08:48,070
Also, since one server cannot serve unlimited customers,

128
00:08:48,400 --> 00:08:54,340
hosting the service on multiple servers can ensure availability even when a large number of users are

129
00:08:54,340 --> 00:08:55,980
using the service at the same time.
130
00:08:57,170 --> 00:09:02,570
Next, we have backup, which goes hand in hand with redundancy. Having data stored in multiple places

131
00:09:02,570 --> 00:09:08,300
can help guarantee availability. To continue with the streaming example, having a movie backed up and

132
00:09:08,300 --> 00:09:13,700
stored on multiple servers can allow the movie to be streamed even when one of the servers is down, due

133
00:09:13,700 --> 00:09:15,510
to, for example, a hardware failure.

134
00:09:16,160 --> 00:09:18,290
Last but not least is lifecycle management.

135
00:09:19,070 --> 00:09:20,960
All hardware will eventually fail.

136
00:09:21,380 --> 00:09:26,930
Because of that, we should plan the replacement of older hardware, which can make the infrastructure

137
00:09:26,930 --> 00:09:29,420
more reliable and provide improved availability.

138
00:09:30,110 --> 00:09:35,210
The same lifecycle management can be applied to software, replacing older software with newer software.

139
00:09:37,230 --> 00:09:44,220
To recap, in this lecture, we learned what the CIA triad is, and for each of its elements, Confidentiality,

140
00:09:44,220 --> 00:09:46,210
Integrity and Availability,

141
00:09:46,270 --> 00:09:49,290
we had a closer look and learned how we can ensure them.

142
00:09:50,190 --> 00:09:55,350
With that, we conclude this lecture. As always, if you have any questions, don't hesitate to ask us.

143
00:09:55,800 --> 00:09:57,030
See you soon in the next one.