Overview
This lecture discusses the concept of availability in cybersecurity, its importance within the CIA triad, and common threats and controls used to protect system and data availability.
The Role of Availability in Cybersecurity
- Availability ensures information and systems are accessible to authorized users when needed.
- It is one of the three pillars of the CIA (Confidentiality, Integrity, Availability) triad.
- Security controls for availability protect against disruptions to normal system operations or data access.
Common Threats to Availability
- Denial-of-service (DoS) attacks overwhelm systems with excessive traffic, blocking legitimate user access.
- Power outages can make systems and data temporarily unavailable.
- Hardware failures, such as broken servers, can disrupt access to important information.
- Destruction of equipment, either accidental or intentional, results in lost availability.
- Service outages can occur due to external factors or provider failures, interrupting access.
Controls to Protect Availability
- Firewalls can block illegitimate traffic and requests to mitigate DoS attacks.
- Redundant systems and backup power supplies help maintain operations during outages or failures.
- Regular maintenance and hardware monitoring prevent unexpected breakdowns.
- Secure physical environments protect equipment from destruction.
Key Terms & Definitions
- Availability — Ensuring authorized users have reliable access to information and systems when needed.
- Denial-of-service (DoS) attack — An attack that floods a system with excessive requests, rendering it unavailable to legitimate users.
- CIA Triad — A foundational model in cybersecurity representing Confidentiality, Integrity, and Availability.
Action Items / Next Steps
- Review other elements of the CIA triad (Confidentiality and Integrity).
- Learn about related security controls for each type of availability threat mentioned.