First element of the CIA Triad - Confidentiality. Notes
Confidentiality is the first principle of the [CIA Triad](./2024.
Confidentiality measures the protection of the secrecy of:
- data
- objects
- resources
Confidentiality protection:
- GOAL: to prevent or minimize unauthorized access to data
- prevents disclosure while protecting authorized access
Violations of confidentiality are not limited to attacks. Many disclosures of information are the result of:
- human error
- oversight
- ineptitude
- actions of an end user
- system administrator
- oversight in a security policy
- misconfigured security control
Countermeasures that can help against possible threats:
- encryption
- network traffic padding
- strict access control
- rigorous authentication procedures
- data classification
- extensive personnel training
The following table gives the concepts, conditions and aspects of confidentiality:

| Concept | Description |
|---|---|
| Sensitivity | The quality of information that could cause harm or damage if disclosed |
| Discretion | A decision where an operator can influence or control disclosure to minimize harm or damage |
| Criticality | The higher the level of criticality, the more likely the need to maintain the confidentiality |
| Concealment | The act of hiding or preventing disclosure. A concept related to concealment is obscurity: attempting to gain protection through hiding, silence or secrecy |
| Secrecy | The act of keeping information secret |
| Privacy | It is about keeping personal information confidential when it might cause harm, embarrassment or disgrace to someone |
| Seclusion | About storing information in an isolated, out-of-the-way location with strict access controls |
| Isolation | A concept related to seclusion. It is about keeping information separate from others. |

Reference
- CISSP learning materials