Transcript for:
CIA Triad Overview

Hey everybody, welcome back, and welcome to the first video in the security refresher section. Pretty much everything in the refresher section is something that we need to learn to learn the rest of the stuff in this theory section, so it's kind of the assumption that you're not, like, super brand new coming into this course, that you at least understand some basic security topics. Ideally you will have Security Plus or at least Security Plus level knowledge. If you don't have that yet and you are thinking about getting Security Plus, I do have a Security Plus practice questions deck; I'll include it in the links below.

But getting right into it: the very first section, we're going to cover the CIA Triad, and pretty much everything in cyber security revolves around this. That is CIA being confidentiality, integrity and availability. If you take Security Plus or any of these certifications, it's probably one of the first things that you'll learn about, and it's really important that you understand this acronym and what exactly it means, so we're just going to cover that first. So like I said, CIA stands for confidentiality, integrity and availability, and these are like the three tenets of cyber security. So I'll just kind of explain each one of these pillars in regards to online banking or banking in general.

So confidentiality is essentially safeguarding things and protecting certain things from being disclosed to people who are not supposed to see them. So if you think about it in terms of a bank, confidentiality would be preventing the wrong people from seeing your account balance or any other kind of personal details. It's in the bank's best interest to protect confidentiality. And making some use of ChatGPT to kind of understand this concept a little bit better, I just said, "explain to me confidentiality in 10 words or less like I'm 5 years old." Just says: "Confidentiality means keeping secrets safe." So that's, you know, it's a pretty good description. And then I just said the
same thing, but explain like I'm 15 years old: "Confidentiality means protecting information from unauthorized access or disclosure." Pretty accurate description. And we'll dive into this a little bit more deeply, talking about security controls and whatnot, but don't worry about that for now.

Getting into the I in CIA Triad, um, integrity just essentially means preventing data from being changed when it's not supposed to be changed. So if you think of maintaining integrity in the sense of banking and online banking, that would be preventing the wrong people from changing your account details, balance or any other personal information. So you wouldn't want someone going in and reducing your balance by half, right? That's compromising the integrity of your account, or just stealing money, essentially. Um, and when we ask ChatGPT, "explain to me what integrity is like I'm 5 years old": "Integrity means making sure things stay the way they should." That's a really good description, actually. And same thing as if I'm a 15-year-old: "Integrity means maintaining the accuracy and consistency of data." Very good, very accurate. I love ChatGPT.

So now, time for the last pillar: availability. Availability in terms of online banking, you can think about it like ensuring your money, as well as access to your account, remains available when it should be available. In our case that means mobile banking and on-site banking. We want to be able to move our money around when we want to or we have to. Asking ChatGPT, "explain availability as if I'm a 5-year-old": "Availability means things can be used when needed." Again, very, very good. "Explain in 10 words or less like I'm 15": "Availability means ensuring that resources are accessible when required." And you kind of think about availability in terms of a large corporation, right? It's really, really important for them to maintain availability, especially someone like Amazon, cuz if you imagine, like, the whole Amazon front end went down, like, all across all the world, can you
imagine how much money they would be losing every single second, right? That's why availability is really important. Like, all the pillars are important, but, you know, kind of think about it in terms of scale and impact, and then the importance becomes really apparent, right?

And then talking about security controls: there's actually a security controls section in the refresher section, but these are some security controls that maintain each one of the pillars. So for example, like, how do I maintain confidentiality? And, like, kind of depends on what your system is, but you could use things such as encryption to keep data, you know, encrypted and hidden from people who are not supposed to see it. You can use access controls, like preventing people from accessing the data or logging into certain systems. And then in terms of physical security, you could use a padlock, right? Maybe you have a diary in your room or something and you want to maintain the confidentiality of it, so you put a padlock on your desk drawer or something like this.

And then getting into integrity: integrity controls are hashing and integrity monitoring. I won't go deeply into what hashing is; I have, like, videos for this on YouTube, and it's kind of one of those basic security things. But hashing is essentially: you take a digital thumbprint of a file, then you send the file somewhere else, and then the recipient takes the digital thumbprint, and if they're the same, you can assume the file didn't change in transition. That's basically what hashing is.

And then availability controls: you can kind of think about all these things as stuff to either, like, recover something when it's down or preventing it from going down, right? So backups, like a whole other hot site, clustering, load balancing, just general redundancy. So if something explodes and burns to the ground, you have another one over here, like, already ready to work and carry on your workload. Yeah, so those are some examples of controls around the CIA Triad.
There's a whole bunch of controls for each pillar, but these are some kind of, like, easy ones that I thought of off the top of my head. And I want to reiterate again, it's not really important for you to memorize these, like, "okay, like, uh, encryption, which one is, like, confidentiality, encryption, blah blah blah." Don't approach it like that. Kind of approach it like understanding what CIA is. Like, use ChatGPT, other resources to, like, you know, really learn what those things are, and then just understand what they are. And then if you think about it, like, confidentiality: what are some controls to, you know, uphold that? Like, what are some things that you can do to prevent information disclosure? So, like, you know, you can kind of infer them based on your understanding.

And I do want to kind of talk about the fact, and maybe it just gives you a better way or a different way to think about things: pretty much everything in cyber security all revolves around the CIA Triad. Like, every job that you see online revolves around the CIA Triad. So if you think about a pen tester, they're trying to actually poke holes in the systems to discover weaknesses, all for the sake of patching them up and helping that organization maintain CIA: confidentiality, integrity, availability. An auditor, they're going through and looking at a system, making sure all the proper controls are in place, all for the sake of, you know, maintaining the CIA Triad for the organization. Same with a program manager, security engineer, etc. SOC analyst, they're sitting in their cubicle or whatever, looking at alerts and incidents and whatnot, all for the sake of, you know, preventing breaches or whatever the case may be that might compromise the CIA Triad. Like, everything revolves around it. It's just, like, a really easy way to think about it.

And wrapping this section up, here are some interview questions. Um, don't worry about really doing anything with these. I'm going to include, like, a whole section in the job hunt preparation
and execution phase. I'm going to have all these, like, interview questions in an ay deck, and, like, everything's going to be really organized, but I just kind of want to show these at the end of every slide just to give you something to read and kind of think about, right? Um, you can kind of prime your brain with these before actually getting into the job hunt preparation and execution phase. Also, you can, um, paste these questions into ChatGPT, and then ChatGPT will answer, and then you can kind of get different answers and then learn that way. So I just kind of wanted to, um, introduce that. But yeah, that is the CIA Triad in the security refresher section. See you in the next video.
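
The hashing check described in the transcript (the sender takes a digital thumbprint of a file, the recipient recomputes it and compares), as an added Python example that is not part of the video. The file name, its contents and the function names are constructed for illustration, reusing the transcript's banking scenario of a balance reduced by half.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest (the 'thumbprint') of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        # Read in chunks so large files are not loaded into memory at once.
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, expected_hex):
    """Recipient side: recompute the digest and compare it to the sender's."""
    # compare_digest does a constant-time comparison of the two strings.
    return hmac.compare_digest(file_digest(path), expected_hex.lower())


def demo():
    """Constructed sample: a statement file checked intact, then altered."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "statement.txt")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"account=1234 balance=1000.00\n")
        published = file_digest(path)  # thumbprint taken by the sender

        intact = verify_file(path, published)

        # Simulate a change in transit: the balance is reduced by half.
        with open(path, "wb") as f:
            f.write(b"account=1234 balance=500.00\n")
        altered = verify_file(path, published)
        return intact, altered


if __name__ == "__main__":
    print(demo())
```

The comparison only proves integrity if the recipient gets the sender's digest over a channel that whoever can alter the file cannot also alter. Where that cannot be guaranteed, a keyed HMAC or a digital signature is the usual control.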