top of page
  • Writer's pictureSai Narayan

Class Notes Day 3 - Confidentiality, Integrity and More




CIA
.pdf
Download PDF • 34.54MB

Download material here


Absolutely, here is detailed content for each of your requested topics:


### 1. Confidentiality


Confidentiality in cybersecurity refers to the protection of information from unauthorized access and disclosure. Here are some examples demonstrating the importance of maintaining confidentiality:


1. **Private Undisclosed Confidential Information**

- **Business Secrets**: Companies often have trade secrets, business strategies, and financial information that should be kept confidential to maintain a competitive edge.

- **Health Records**: Personal health information must be kept confidential to protect an individual’s privacy and comply with laws like HIPAA in the US.


2. **Social Media Private Content**

- **Personal Messages**: Private conversations on social media platforms should remain confidential to protect user privacy.

- **Sensitive Images and Videos**: Sharing private photos or videos without consent is a breach of confidentiality.


3. **E-Commerce**

- **Credit Card Details**: E-commerce websites store payment information, which needs to be safeguarded to prevent financial fraud.

- **Customer Information**: Customer data, including shipping addresses and contact details, should be protected to prevent misuse.


4. **Government Data Records**

- **Citizen's Personal Data**: Governments hold a lot of personal data about citizens which should be safeguarded to prevent identity theft.

- **Classified Information**: Government records may include classified information that could compromise national security if disclosed.


### 2. Integrity


Integrity ensures that data is not altered or tampered with, and that it maintains its original state. Examples in the context of personal data like passport details, photos, addresses, and DOB are as follows:


1. **Passport**

- Safeguarding the digital data embedded in passports to prevent alterations and fraudulent use.

2. **Photos**

- Protecting digital photographs from unauthorized editing or manipulation which could be used in misinformation campaigns.


3. **Address**

- Ensuring that address records in databases are protected from unauthorized changes, which could lead to various forms of fraud or identity theft.


4. **DOB**

- Protecting date of birth information from unauthorized changes to prevent identity theft or fraudulent account creations.


### 3. Availability - Makemytrip Scenario


Availability in the context of a service like "MakeMyTrip" implies that the service should be accessible to users whenever they want to use it. Here's a potential scenario illustrating the importance of availability:


- **Scenario**: During the peak holiday season, a significant number of users are trying to book tickets on "MakeMyTrip". Ensuring availability means implementing robust server infrastructure to handle the high traffic without crashing, and having backup systems in place to prevent downtime, thus allowing users to successfully book their trips without hassle.


### 4. Real Vulnerabilities on MIT (World's No.1 University)


In a hypothetical scenario where MIT, a reputed institution, encounters vulnerabilities, here’s how they might appear:


1. **Information Leakage Vulnerability**

- **Scenario**: Through a misconfigured database, personal information of students and staff might be accessible to unauthorized users. This could include academic records, financial details, and other sensitive information.

- **Mitigation**: Strengthening access controls and encrypting sensitive data to prevent unauthorized access.


2. **Sensitive Data Exposure**

- **Scenario**: Due to insecure data transfer methods, sensitive research data might be exposed to unauthorized entities, potentially leading to intellectual property theft.

- **Mitigation**: Implementing secure data transfer protocols and regularly updating security measures to prevent data exposure.


3. **Server Misconfiguration**

- **Scenario**: Due to an error in server configuration, hackers might gain unauthorized access to the university’s server, potentially manipulating or stealing data.

- **Mitigation**: Regularly reviewing and auditing server configurations to ensure that they adhere to security best practices, and quickly rectifying any identified misconfigurations.


In each case, quick identification of the vulnerability followed by immediate action to rectify it would be crucial in safeguarding the university's data and maintaining its reputation.

15 views0 comments

Comments


bottom of page