In fact, there are only three most important words in Cyber Security. If you thoroughly understand them, you will better appreciate all other concepts and solutions.
The three keywords are: Confidentiality, Integrity, and Availability.
Not sure what they are about? Let me give you a simple example so you can quickly get it:
Let’s say you just got $10,000 as a year end bonus (hope it is true for me). You might not want Joe sitting besides you to know that exact amount. Otherwise, he probably will be jealous about you. So the amount of $10,000 is a confidential information to you. The first keyword, Confidentiality, is about to prevent others from knowing your secret or private data.
Now, you are happy about this $10,000. But when checking your banking account, you find only $9,000 was deposited last Friday. What’s going on? This brings our second keyword, Integrity, which is about ensuring the data is correct and consistent at all time. Fortunately, it turned out to be a mistake made by HR, you receive the rest $1,000 the next day.
With the money, you decide to get a last-minute vacation deal online. Nevertheless, you deserve a relax time after working so hard through the year. But right after you click the “Order Submit” button, the website returns a message saying: “The site is temporarily down due to high volume of requests, please check us later.” This links our third keyword: Availability, which means the ability to access the data or services at any time. Obviously, it sucks when it is unavailable to complete the deal you want.
Alright, let’s quickly recap:
Confidentiality – do not let others know (Read) your security information
Integrity – do not change (Write) your data incorrectly and inconsistently
Availability – ensure the services or data are always accessible
To make it easier to remember, some sources describes Confidentiality, Integrity, Availability as a CIA Triad. They form the foundation of the modern Cyber Security framework. All security strategies, architectures, and solutions are designed and implemented to address these three security principles.