The three pillars of security are confidentiality, integrity and availability.
Confidentiality
- Ensures a level of secrecy and prevents unauthorized access
- Enforces secrecy of data in all stages: at rest, in transit or at destination
- Attackers target confidentiality by:
  - Monitoring the network
  - Shoulder surfing
  - Stealing password files
  - Breaking encryption
  - Social engineering
- Can be compromised intentionally (by malice) or unintentionally (by lack of awareness, negligence, etc.)
Integrity
- Integrity can be examined from three perspectives:
  - Preventing unauthorized subjects from modifying objects
  - Preventing unauthorized modification by authorized subjects, e.g. mistakes
  - Maintaining internal and external consistency so that data reflects reality
Availability
- Timely and uninterrupted access for authorized users
- Infrastructure should also be functional
- Protected against:
  - Denial of Service (DoS) attacks
  - Faults and failures due to hardware, software or environmental factors (e.g. heat, flood, etc.)
- Acceptable performance
