WEBVTT

00:01.150 --> 00:06.220
The biggest challenge one has when you're starting to wrap your head around becoming an I.T. security

00:06.220 --> 00:07.520
person is, well,

00:07.630 --> 00:08.350
where do you start?

00:08.350 --> 00:09.270
What do you do?

00:09.340 --> 00:11.980
There's so much to do and there is a lot to do.

00:11.980 --> 00:18.040
So the secret to understanding I.T. security is to give yourself a goal.

00:18.040 --> 00:19.540
I mean, why are we doing all this?

00:19.540 --> 00:24.640
Why are we going to all this pain and suffering and passwords and retinal scanners and whatever?

00:25.000 --> 00:34.900
And to help us keep our mind in the right place, what we turn to is something called the CIA of security.

00:35.050 --> 00:37.880
No, no, no, not this kind of CIA.

00:37.960 --> 00:44.710
What we're talking about is the CIA triad of security or the goals of security.

00:44.710 --> 00:49.490
Let's talk about confidentiality, integrity, and availability.

00:49.600 --> 00:55.550
We always draw the CIA triad of security as a triangle.

00:55.780 --> 01:01.090
Now each point of this triangle points to an important goal of security. Up top here,

01:01.090 --> 01:08.290
let's put confidentiality. Confidentiality, as it sounds, is simply the goal of keeping data secret from

01:08.290 --> 01:13.120
anyone who doesn't have the need or the right to access that data.

01:13.120 --> 01:15.390
Second is integrity.

01:15.550 --> 01:23.350
Integrity ensures that the data and the systems, everything, stays in an unaltered state when stored, transmitted,

01:23.410 --> 01:30.880
and received. Equally, integrity can talk about things like no unauthorized modification, alteration, creation,

01:30.940 --> 01:32.690
or deletion of the data.

01:33.880 --> 01:38.040
The third one, and this is the one we tend to forget, is availability.

01:38.170 --> 01:43.920
We have to ensure that systems and data are available to authorized users when needed.

01:43.930 --> 01:45.360
It's so easy to forget that one.

01:45.370 --> 01:47.170
But these are the big three.

01:47.290 --> 01:51.040
The CIA triad is critical for security types.

01:51.040 --> 01:56.410
It's like a mantra that we chant over and over again. Anytime we're doing anything in the security world,

01:56.680 --> 02:00.940
we say to ourselves, is this achieving one of the three goals of security?

02:00.960 --> 02:05.950
And it's something you're going to see all over the Security+ because it should be there. But there's

02:05.950 --> 02:12.280
a problem, and the problem is is that a lot of security people feel that the CIA in and of itself really

02:12.280 --> 02:13.450
isn't enough.

02:13.450 --> 02:17.930
So what I'm going to do is I'm going to add a couple more things to our CIA triad.

02:18.160 --> 02:23.020
I'm going to add auditing and accountability, and I'm going to add non-repudiation.

02:23.020 --> 02:23.920
Let's watch.

02:23.920 --> 02:29.770
The first thing I'd like to add is auditing and accountability. Now, auditing and accountability simply means

02:29.770 --> 02:35.560
that we've got to keep track of things that go on. For example, who's been logging in? What are they logging

02:35.560 --> 02:37.560
in? Who's accessed this data?

02:37.600 --> 02:41.430
Why did somebody come in the gate? Who's made changes to something?

02:41.620 --> 02:45.790
So we dumped that all into auditing and accountability.

02:45.940 --> 02:48.200
Second is non-repudiation.

02:48.340 --> 02:54.580
Non-repudiation to some extent ties into accountability because it basically means that a user

02:54.580 --> 02:57.960
can't deny that they have performed a particular action.

02:58.000 --> 03:03.250
So that does make it something in terms of accountability, but there's another aspect of non-repudiation

03:03.250 --> 03:06.470
that's very important in the world of communication.

03:06.490 --> 03:14.020
It ensures that a user cannot deny having made some form of communication. And that, my friends, is the

03:14.020 --> 03:18.420
CIA of security, even though it's a little bit more than just a CIA.

03:18.430 --> 03:23.350
Make sure you know this for the Security+ and for the real life that you're going to run into in

03:23.350 --> 03:44.790
the world of security.
