Cybersecurity Principles Overview

Jun 21, 2025

Overview

This lecture introduces fundamental cybersecurity principles, including the CIA Triad, privacy concerns, and core concepts like authentication, authorization, accounting, and non-repudiation.

CIA Triad (Confidentiality, Integrity, Availability)

  • Confidentiality protects data from unauthorized access or disclosure using encryption, passwords, and access controls.
  • Integrity ensures data remains accurate, complete, and unaltered, often using hashes and checksums.
  • Availability guarantees that systems and data are accessible to authorized users when needed, using redundancy, backups, and denial-of-service (DoS) protection.

Privacy Considerations

  • Social networking sites collect extensive user data; users should manage privacy settings and understand data sharing.
  • Emails and instant messages often contain sensitive information and should use encryption for secure communications.
  • File sharing requires encrypting sensitive files and enforcing access controls for authorized users only.
  • Personally identifiable information (PII) includes names, addresses, and Social Security numbers; it must be protected with encryption and restricted access.
  • Government regulations like GDPR mandate explicit user consent for data collection and give users rights over their data, including deletion and cookie consent.

AAA Framework: Authentication, Authorization, Accounting

  • Authentication verifies a user's identity using methods like passwords (single factor) or multi-factor authentication.
  • Single sign-on allows users to access multiple systems with one login session.
  • Authorization determines user access rights and enforces permissions according to job roles (least privilege principle).
  • Accounting tracks and logs user activities for auditing and detecting suspicious behavior.

Non-Repudiation

  • Non-repudiation ensures individuals cannot deny their actions or communications.
  • Achieved through digital signatures, encryption, and detailed logging, supporting accountability and trust.
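The following Go program is an added example, not part of the lecture notes, that contrasts the integrity mechanism named in the CIA Triad (a hash) with the non-repudiation mechanism named here (a digital signature). It uses a constructed message and freshly generated Ed25519 keys; the names IntegrityOK, Scenario and Result are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// IntegrityOK compares a message against a previously recorded SHA-256 digest.
// A digest detects alteration, but anyone can recompute one for altered content.
func IntegrityOK(msg []byte, recorded [32]byte) bool {
	got := sha256.Sum256(msg)
	return subtle.ConstantTimeCompare(got[:], recorded[:]) == 1
}

// newKey generates an Ed25519 key pair; a failure here is unrecoverable.
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// Result records what each mechanism catches in the constructed scenario.
type Result struct {
	HashCatchesTamper     bool // digest mismatch after the message is altered
	HashCatchesRecomputed bool // mismatch when the attacker also replaces the digest
	SigCatchesTamper      bool // signature fails after the message is altered
	SigCatchesForgery     bool // a signature under another key fails verification
}
// Scenario is a constructed example: the sender records a digest and an Ed25519
// signature over a message; an attacker then alters the message and covers the change.
func Scenario() Result {
	original := []byte("transfer 100 to account 42")
	altered := []byte("transfer 900 to account 42")
	senderPub, senderPriv := newKey()
	_, attackerPriv := newKey()
	recorded := sha256.Sum256(original)
	sig := ed25519.Sign(senderPriv, original)
	return Result{
		HashCatchesTamper:     !IntegrityOK(altered, recorded),
		HashCatchesRecomputed: !IntegrityOK(altered, sha256.Sum256(altered)),
		SigCatchesTamper:      !ed25519.Verify(senderPub, altered, sig),
		SigCatchesForgery:     !ed25519.Verify(senderPub, altered, ed25519.Sign(attackerPriv, altered)),
	}
}
func main() { fmt.Printf("%+v\n", Scenario()) }
```

The second field comes back false: a hash alone cannot tie a message to its author, which is why non-repudiation needs a signature under a key only the sender holds.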

Key Terms & Definitions

  • Confidentiality — Protecting information from unauthorized access.
  • Integrity — Ensuring data remains accurate and unaltered.
  • Availability — Ensuring systems/data are accessible to authorized users.
  • PII (Personally Identifiable Information) — Data that can uniquely identify an individual.
  • Authentication — Verifying user identity.
  • Authorization — Determining user access rights.
  • Accounting — Tracking/logging user actions.
  • Non-repudiation — Preventing users from denying their actions.

Action Items / Next Steps

  • Review the CIA Triad, AAA framework, and definitions before the exam.
  • Ensure you understand the privacy implications of PII and GDPR.
  • Practice sample exam questions related to these core concepts.