In this video, you will learn about the three fundamental goals of information security that are included in the CIA triad: confidentiality, integrity, and availability. These three goals form the basis of all of the activities performed by information security professionals in the modern enterprise.
- [Instructor] Information security professionals have broad and important responsibilities for safeguarding the information and systems that are often an organization's most valuable assets. When we think of the goals of information security, we often use a model known as the CIA triad, shown here. This model highlights the three most important functions that information security performs in an enterprise. Confidentiality, integrity, and availability. Confidentiality ensures that only authorized individuals have access to information and resources.
Confidentiality is what most people think of when they think about information security, keeping secrets away from prying eyes. And in fact, confidentiality is how most security professionals spend the majority of their time. Malicious individuals seeking to undermine confidentiality are often said to engage in disclosure attacks, making sensitive information available to individuals or the general public without the information owner's consent.
Security professionals are also responsible for protecting the integrity of an organization's information. This means that there aren't any unauthorized changes to information. These unauthorized changes may come in the form of a hacker seeking to intentionally alter information, or a service disruption that accidentally affects data stored in a system. In either case, it's the information security professional's responsibility to prevent these lapses in integrity. The final goal of information security is availability, ensuring that authorized individuals are able to gain access to information when they need it.
If users can't access important business records or systems, that lack of availability may have a profound impact on the business. Malicious individuals seeking to undermine availability engage in attacks known as denial of service attacks. These attacks try to either overwhelm a system or cause it to crash, therefore denying legitimate users the access that they need.
Members who complete this course will be prepared to answer questions on the Security and Risk Management domain of the CISSP exam, and establish a critical foundation for the rest of their careers.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Aligning security with the business
- Using control frameworks
- Understanding compliance ethics
- Implementing effective security policies
- Ensuring the security of employees
- Managing risk
- Identifying threats
- Managing vendors
- Building security awareness and conducting security training