Goals of Cybersecurity
Staying safe when using technology has become as important as being safe in the physical world.
Cybersecurity is broad term that encapsulates two fundamental domains and various subdomains.
- Network Architecture
- Software Applications
- App Development
- Machine Learning
- Artificial Intelligence
These are very simplistic distinctions, however, they are helpful in our understanding of the broader picture of security because the lines between information security, application security, and even between cybersecurity and physical security are becoming increasingly blurry. These domains and the various subdomains or disciplines that relate to them are converging more and more to the point where even the domain of privacy, which traditionally was separate from security, has now become to be a security risk in a technological driven world.
When we zoom in on the idea of cybersecurity itself and the landscape of the domains and the disciplines that are related to it, it expands dramatically. This mind map was created by Henry Jiang. It’s a popular model for the various specialties and sub-specialties in cybersecurity. People can spend their entire career specializing in just one of the nodes on this map and there are likely many more nodes that we could add to this diagram.
Luckily, at a business level, we don’t need to fill our heads with all the complex details. What we do need to now however, are the main theoretical concepts, future potential risks and how cybersecurity practices can help manifest and mitigate them.
The C-I-A triad
The main goals of Cyber Security have been traditionally reflected by the C-I-A triad, which stands for Confidentiality, Integrity, and Availability.
Confidentiality means keeping restrictions on information disclosure, thus limiting access to only authorized users. We only want the people who we trust and are authorized to have access to certain information, such as personal health information (PHI), or personally identifiable information (PII) like national insurance numbers, birthdays, addresses, as well as governmental information, classified information and sensitive data.
The second goal of the triad is integrity, which addresses the concern that sensitive data has not been modified or deleted by an unauthorized user or in an undetected manner. Databases are a good example in this case, as they are key technological components that drive our hyper-connected world. Tampering database information for profit or fun has been a common method of cyber attacks for many years. It is also indeed very common for integrity problems to arise by mistake or error, which makes administrators be very careful with whom they designate as an authorized person when dealing with important or sensitive databases.
Finally, there is also availability, which ensures timely and reliable access towards and the use of information. Although most of are aware of the interconnecting technology that makes things possible, but most of us don’t know how it really works and what makes the abundance of information and content actually available. When availability issues occur, not having access to important information when needed can have negative impacts of many kinds, whether on personal life matters, professional or organiosational.
That is an overview of the CIA Triad as it is traditionally drawn. However, with the rise of IoT or Internet of Things devices, the CIA Triad has begun to be modified in popular representations as a CIAS triad. So the three original goals are still just as important when it comes to technologies like smart TVs, doorbell cameras, Internet-enabled baby monitors and toys.
However, many IoT devices control machinery or manufacturing equipment. So when issues arise with these new technologies, there is a distinct and very real concern for human safety, and safety addresses reducing risks associated with embedded technologies or IoT technologies that could fail or somehow be manipulated by nefarious actors.
Some industries and some use cases are going to be more concerned with certain aspects of confidentiality, integrity, availability, and or safety. However, there’s a lot of overlap, a significant amount of overlap between all of them.
When we think back to the mind-map of cybersecurity that we talked about in our very first lecture, it becomes clear that aligning these overarching goals across that dizzying number of specialty activities and technologies in the landscape of cybersecurity is going to be critically important if we have any shot of trying to reach these goals that we originally set out for.