Definition
Security
Security encompasses the strategies, precautions, and tools that ensure the confidentiality, integrity, and availability of information.
CIA Triad
Confidentiality
Data is only accessible to authorised users.
Integrity
Data remains accurate and unmodified except by authorised users.
Availability
Data and services are accessible when needed.
Security Concerns
Authenticity
Verifying that an identity (user or process) is who it claims to be.
Accountability
All actions are traceable to a specific actor (via logging/auditing).
Threat Types
Passive Threats
Monitoring or eavesdropping without detection. Violates confidentiality.
Active Threats
Manipulation of data or system states. Violates integrity and availability:
- Interruption: Service unavailable (destruction, overload)
- Interception: Unauthorised data access
- Modification/Fabrication: Unauthorised change or creation
- Theft of Service: Unauthorised resource use
| Goal | Threat |
|---|---|
| Confidentiality | Exposure / Interception |
| Integrity | Modification / Fabrication |
| Availability | Denial of Service (DoS) |