CIA Triad
Confidentiality
- Make sure only recipient gets data
- Certain info must be only known to certain people
- Ecryption so only certain people can read it
- Access Controls: limit how much info people have
- Two Factor Authentication
Integrity
- Data can’t be modified without Detection
- Data stored and transfered as intended
- Hashing
- Digital signatures: Encrypts hash with asymmetric encryption
- Certificates: combines with digital signature
- Non-repudiation
Availability
- All network systems must be up and running
- Redundany
- Fault Tolerance
- Patching