Friday, January 22, 2010

The Security Triad

When studying for the CompTIA SY0-201 exam, you'll come across three core concepts that are commonly referred to as the security triad.  They are:
  • Confidentiality. The goal of confidentiality is to prevent the unauthorized disclosure of information.
    This is accomplished by controlling access to resources and using encryption to protect the data when it's stored or when it's transferred over the network.
  • Integrity. The goal of integrity is to verify that data has not been modified. Integrity is commonly enforced by controlling access to data to prevent it from being modified, and by using hashes.
  • Availability. The goal of availability is to ensure that data and services are available when needed. This includes using backups and using different types of redundancies. This blog talks about disk redundancies, but you can also have server redundancies (with failover clusters) and site redundancies (hot site, warm site, cold site).
You'll see confidentiality and integrity referenced with cryptography most often. Confidentiality can be enforced with encryption, and hashing is used to verify integrity.
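
An added example (not from the original post) of hashing used to verify integrity: it records a SHA-256 digest for each file as a baseline, then re-hashes the files later and reports which ones changed or disappeared. The file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record a known-good SHA-256 digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Re-hash the files and compare each digest with the baseline."""
    report = {}
    for name, expected in manifest.items():
        path = Path(root) / name
        if not path.is_file():
            report[name] = "missing"
        elif sha256_file(path) == expected:
            report[name] = "ok"
        else:
            report[name] = "modified"
    return report


def demo():
    """Constructed sample data: three small files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_text("alice,5000\nbob,4200\n")
        (root / "policy.txt").write_text("Backups run nightly.\n")
        (root / "notes.txt").write_text("draft\n")
        manifest = build_manifest(root)  # baseline taken while data is trusted
        (root / "payroll.csv").write_text("alice,5000\nbob,9200\n")  # one digit changed
        (root / "notes.txt").unlink()  # file removed after the baseline
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the stored baseline: if the manifest sits next to the files with the same write permissions, whoever can modify the data can also update the digests.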

Good luck with your studies.

Darril

CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide