The CIA Triad

by Faham Usman on 22 May 2014

Transcript of The CIA Triad

Information Security
The CIA Triad
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims to promote, build and ensure a safer and more secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
About aeCERT
Confidentiality, Integrity, and Availability
CIA defined
Identifying the Secure Elements
Written policies
Measuring compliance
Summary
Audit
Incident
Tools
Alternate Definitions
What is Information Security

aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Understand what is information security
Adopt CIA or another security framework, or several
Perform regular audits
Get security employees certified
Publish security procedures
Train employees
Understand encryption
Summary
Communicate Policies to Security Staff
What to Backup
Availability: BCP/DR
Data Classification Policy
Source: http://telicthoughts.blogspot.com/2009/02/when-one-thinks-of-securing-information.html
Criticisms of CIA
Definition of Information Security
Security Policies
Confidentiality
Definition of Information Security
Access Control
Who Has Access to Confidential Data?
Access Control
Availability and Authentication
Integrity
Integrity is assuring the accuracy and consistency of data by making sure that the content of the data is not accessed or modified by any unauthorized person.
How to Measure Security Effectiveness
Encryption: Prime Numbers
The CIA Triad: Confidentiality, Integrity and Availability
Non-Repudiation Extended
Classify Data According to Business Impact
AIC Triad or PAIN
=
Where Is Confidential Data Stored?
Parker Extends CIA Definition: the Parkerian Hexad
Non-Repudiation
Source: http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Incident: Adobe
Data Classification
Identifying the Security Elements
What is Confidential Data?
Microsoft’s STRIDE Threat Model
Signed Emails
Protecting Confidentiality
PKI
Data Classification
Hash: Protect Integrity
Take an inventory of what data you have and classify it according to the loss you would suffer if you lost that data.

Security investigators found source code here on a server used by cyber criminals. Adobe confirms that a breach has occurred. Adobe releases a press release.
The objective of this control is:

To ensure authorized user access

To prevent unauthorized access to systems and services

To enable assignment of access rights, a formal user registration and de-registration process should be in place and implemented