1
00:00:01,000 --> 00:00:08,190
OK, so now we'll move on to the first element of information security, and that is confidentiality.

2
00:00:08,710 --> 00:00:15,940
Now, confidentiality requires that only authorized users have access to the protected and sensitive

3
00:00:15,940 --> 00:00:16,430
data.

4
00:00:17,080 --> 00:00:24,820
Confidentiality is nothing but only the people who are intended to access the data should be able

5
00:00:24,820 --> 00:00:26,080
to access those data.

6
00:00:26,440 --> 00:00:31,050
Any other unauthorized users should not access that data.

7
00:00:32,680 --> 00:00:39,550
Now, there are some of the practices employed to address the confidentiality, for example, ensure

8
00:00:39,550 --> 00:00:46,600
that there is an authentication process within the organization so that people can authenticate to access

9
00:00:46,600 --> 00:00:54,550
a resource or a piece of information, authentication, recoilless and user with identity and a password

10
00:00:54,550 --> 00:00:59,260
like username and password and addressing the confidential data.

11
00:00:59,980 --> 00:01:02,710
Now implement security controls.

12
00:01:02,980 --> 00:01:10,270
That is why many companies and many organizations have audits in place to check whether the proper security

13
00:01:10,270 --> 00:01:13,010
controls are being employed or not.

14
00:01:14,480 --> 00:01:18,290
Then ensure that the access control policies are implemented.

15
00:01:18,590 --> 00:01:26,780
Now, this point is very important when it comes to ensuring confidentiality, access control policies

16
00:01:26,780 --> 00:01:28,030
are very important.

17
00:01:28,940 --> 00:01:34,330
Access control policies actually define which people have access to what resources.

18
00:01:34,670 --> 00:01:40,010
For example, if you are an employee, if you are an associate, you might not have the access to the

19
00:01:40,010 --> 00:01:43,670
data which is supposed to be accessed by the upper management.

20
00:01:44,090 --> 00:01:50,960
So in this case, there is an access control policy which restricts other users from accessing the data

21
00:01:51,710 --> 00:01:52,760
from other people.

22
00:01:53,570 --> 00:01:55,270
Now, let's have a simple scenario.

23
00:01:55,700 --> 00:01:58,040
This is Bob and this is Alice.

24
00:01:58,040 --> 00:01:59,990
And this is Trudy. From the face,

25
00:01:59,990 --> 00:02:02,000
you can see that Trudy is a bad guy.

26
00:02:02,370 --> 00:02:03,460
Is a bad person.

27
00:02:03,890 --> 00:02:07,950
Now, Bob is trying to send some information to Alice.

28
00:02:07,970 --> 00:02:11,180
Bob is trying to send some information to Alice here.

29
00:02:11,980 --> 00:02:17,000
Now, let's say Bob is trying to tell some information about his meeting.

30
00:02:17,240 --> 00:02:24,410
And if Trudy tries to intercept that data and is able to read the data through the medium, then we

31
00:02:24,410 --> 00:02:28,160
can see that the confidentiality element is being violated.

32
00:02:28,820 --> 00:02:38,540
In this case, people often employ techniques like encryption and decryption and public or private key

33
00:02:38,540 --> 00:02:44,500
cryptography in order to, you know, restrict anyone from accessing the data.

34
00:02:44,870 --> 00:02:50,900
For example, if Bob is trying to send a bank account number and if that data is then encrypted with

35
00:02:50,900 --> 00:03:00,650
a strong encryption algorithm like the is all the details which we are going to see in the next sections.

36
00:03:01,220 --> 00:03:08,870
And if that data is being sent, then Trudy has no chance of, you know, reading that data. Now, see,

37
00:03:08,870 --> 00:03:12,380
Trudy can intercept and can have the encrypted text.

38
00:03:12,680 --> 00:03:20,240
But then there's no point because that data is supposed to be interrupted with a key that only Alice

39
00:03:20,240 --> 00:03:27,710
can see that data is so encryption mechanism and hashing is used to avoid the confidentiality.

40
00:03:28,790 --> 00:03:35,360
So if Trudy is able to access this data in plain text, then we can see that the data is being violating

41
00:03:35,360 --> 00:03:37,110
the confidentiality principle.

42
00:03:38,450 --> 00:03:46,310
So basically, confidentiality means to ensure that the information is only accessible to authorized

43
00:03:46,310 --> 00:03:50,410
individuals, that is, individuals with a real identity.

44
00:03:51,050 --> 00:03:58,940
For example, the personal data of salaried employees must only be accessible by authorized human resources

45
00:03:58,940 --> 00:03:59,600
department.

46
00:04:00,140 --> 00:04:06,560
Now there are several types of access control which can ensure the confidentiality information and encryption.

47
00:04:06,560 --> 00:04:08,750
Its example, which I just discussed.

48
00:04:09,170 --> 00:04:12,950
It can be used to protect the confidentiality of information.

49
00:04:13,400 --> 00:04:19,160
Access control policies, which we have just seen a couple of minutes ago, can be applied at different

50
00:04:19,160 --> 00:04:21,740
levels of information security management system.

51
00:04:22,430 --> 00:04:27,830
For example, at the physical level, you can have locks on your doors, then filing cabinet that locks

52
00:04:27,830 --> 00:04:34,160
or safe walls and the logical level access controls to information or encryption.

53
00:04:34,700 --> 00:04:38,300
So this was all about the first element of information security.

54
00:04:38,660 --> 00:04:40,130
That is the confidentiality.

55
00:04:40,460 --> 00:04:43,550
In the next lecture, we will see about integrity.