Overview
This lecture introduces confidentiality as a core cybersecurity principle, describes common threats to it, and outlines methods to protect sensitive information from unauthorized access.
The CIA Triad in Cybersecurity
- Cybersecurity focuses on three main objectives: confidentiality, integrity, and availability, known as the CIA triad (often drawn as a triangle).
- Confidentiality ensures only authorized users can access sensitive information and resources.
- Protecting confidentiality is a major responsibility for security professionals.
Threats to Confidentiality
- Snooping: Unauthorized individuals physically look around a workplace for sensitive information, such as documents left in view.
- Dumpster Diving: Attackers search through trash for documents containing sensitive data.
- Eavesdropping: Attackers overhear conversations to gather confidential information; can be physical or electronic.
- Wiretapping: Attackers intercept electronic communications by capturing traffic as it crosses a network; anything sent unencrypted can be read directly.
- Social Engineering: Attackers use manipulation to trick employees into revealing confidential information or access.
Protection Strategies
- Enforce a clean desk policy so that sensitive materials are put away when not in use, reducing the risk of snooping.
- Shred documents before disposal so that dumpster diving yields nothing useful.
- Hold sensitive conversations only in private spaces, never in public areas, to counter physical eavesdropping.
- Encrypt data transmitted over networks (for example with TLS) so that wiretapped traffic yields only unreadable ciphertext; encryption does not prevent interception, but it denies the attacker the content.
- Train users to recognize social engineering tactics and encourage them to report suspicious activity.
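The following Go program is an added illustration of the encryption countermeasure above; it is not code from the lecture. It simulates a message crossing a network twice, once in the clear and once sealed with AES-256-GCM, and checks what a passive wiretap would see in each case. The message text and the hypothetical key-sharing step (the two parties are assumed to already hold the same key, which in practice TLS arranges for you) are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// newKey returns a fresh 256-bit AES key. In the example both parties are
// assumed to already share it; distributing keys securely is what protocols
// such as TLS handle in practice.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// sealMessage encrypts plaintext with AES-256-GCM and returns the bytes that
// actually cross the wire: a random nonce followed by ciphertext and tag.
func sealMessage(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce so the receiver gets both.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openMessage reverses sealMessage. It fails if the key is wrong or if any
// byte on the wire was modified, because GCM authenticates the ciphertext.
func openMessage(key, wire []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(wire) < aead.NonceSize() {
		return nil, fmt.Errorf("wire data too short to contain a nonce")
	}
	nonce, ct := wire[:aead.NonceSize()], wire[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// wiretapSees models a passive eavesdropper who captured the raw wire bytes
// and simply searches them for the secret.
func wiretapSees(wire, secret []byte) bool {
	return bytes.Contains(wire, secret)
}

func main() {
	// Constructed sample message for the demonstration.
	secret := []byte("Board memo: acquisition of Contoso closes Friday")

	// Case 1: sent in the clear. The wiretap reads it directly.
	fmt.Println("cleartext visible to wiretap:", wiretapSees(secret, secret))

	// Case 2: encrypted before transmission.
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	wire, err := sealMessage(key, secret)
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext visible to wiretap:", wiretapSees(wire, secret))
	fmt.Printf("wiretap captured %d bytes: %x...\n", len(wire), wire[:8])

	// The intended recipient, holding the key, still reads the message.
	got, err := openMessage(key, wire)
	if err != nil {
		panic(err)
	}
	fmt.Println("recipient decrypted:", string(got))
}
```

Note what the wiretap still learns even in the encrypted case: that a message was sent, roughly how long it was, and (on a real network) which endpoints exchanged it. Encryption protects the content, not the fact of communication, so it complements rather than replaces the physical and procedural controls listed above.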
Key Terms & Definitions
- Confidentiality — The principle that only authorized persons can access specific information.
- CIA Triad — A foundational cybersecurity model: Confidentiality, Integrity, Availability.
- Snooping — Physically searching for information in the workplace.
- Dumpster Diving — Retrieving sensitive information from disposed trash.
- Eavesdropping — Listening in on private conversations.
- Wiretapping — Intercepting electronic communications over a network.
- Social Engineering — Manipulating people to gain unauthorized information or access.
Action Items / Next Steps
- Review and understand the five main confidentiality threats and their countermeasures.
- Prepare for exam questions on confidentiality, especially about practical threat scenarios and defense strategies.