CIA Intro

Video Activity

This lesson covers the principles of security. We can remember the three principles of security using the acronym CIA. Confidentiality: preventing the unauthorized disclosure of data Integrity: preventing the unauthorized modification of data and detecting any such unauthorized modifications when they occur Availability of data; the timely access o...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
3 hours 54 minutes
Difficulty
Advanced
CEU/CPE
4
Video Description

This lesson covers the principles of security. We can remember the three principles of security using the acronym CIA.

  • Confidentiality: preventing the unauthorized disclosure of data
  • Integrity: preventing the unauthorized modification of data and detecting any such unauthorized modifications when they occur
  • Availability of data; the timely access of resources

You will familiarize yourself with the necessary security objectives that we must strive to achieve, and remember them using the acronym SMART. Our security objectives must be: - Specific; such as increasing application security

  • Measurable; you have to know when you've achieved your goal
  • Attainable; is it something that can be done?
  • Realistic; can the objective be achieved within the realm of possibility?
  • Timely; can the goal be reached within a specific period of time?

You must keep in mind all the threats that can compromise your data security within the CIA and SMART framework.

Video Transcription
00:04
now, before we get too much deeper in what the role of a chief information security officer is and what they do. Let's just talk about some basic principles of security on when we discuss the principles of security, most people will understand. We're talking about the C I A. Confidentiality, integrity
00:23
and availability, and we'll talk more about this in the next section. But ultimately with confidentiality,
00:29
we want to prevent unauthorized disclosure of information. We want to protect our secrets. We want to keep them secret.
00:36
Then we have integrity, which means if there's any type of modification, whether it's intentional or unintentional, we want to be able to detect that.
00:46
And then last but not least, we want availability. Timely access to resource is so what we want to do from a governance perspective is to be able to outline goals in relation to CIA and then ultimately the objectives that will help us attain those goals.
01:03
And anytime we do talk about objectives, we want those objectives to be smart,
01:08
specific, measurable, attainable, realistic and timely. So when we talk about specific, we don't want to go or an objective rather of improving security,
01:22
because that's very broad. That's very nebulous, right? We want to specifically increase applications security. Well, that's a good, you know. That's something that's good to plan for and want.
01:37
But how do I know when I get there? What does it mean to improve applications? Security? Well, that's where the next element
01:42
measurable comes in. I have to know when I've gotten there s so to speak, If I have this sort of the direction, how will I ever know my destination or when I've gotten there if I don't have something tangible?
01:57
So when we talk about our objectives being measurable, there needs to be a way of verifying steps along the way and verifying when we've obtained those goals.
02:07
So we want to decrease malware infestations as detected by our any virus software. We want a decrease of 5% something like that. So it's specific to what we're looking for. And it's also measurable now, attainable and realistic.
02:25
Is it something that we can do?
02:29
Is that within our reach where we, as an organization, are right now or is it just unrealistic and unattainable? Those two really go pretty closely together. Is it something we can achieve is it something that can be achieved within our realm of possibility
02:46
and then timely would want to set a time frame,
02:49
you know, improving security by 5% as noted by a decrease in malware infections. That's great. But by win, you know, the end of this year, the end of this month, the end of this decade. So we want those objectives to be smart, measurable, attainable,
03:08
realistic
03:09
and timely. And ultimately, what we want to do is we want to think about the threats that would compromise
03:17
confidentiality, integrity and availability, and that's coming up in the next section.
Up Next
Chief Information Security Officer (CISO)

In this CISO certification training, you will learn what other CISO's are focusing their time and attention on. Among the key topics, you will learn how to implement the proven best practices that make for successful cyber security leadership.

Instructed By