Midterm Lessons

This section includes the lessons on the CIA Triad as the basis for security systems, classifications of information, data privacy principles, password management systems, principles of access control, and an introduction to cryptography and its types and techniques.

CIA TRIAD

The CIA Triad is a foundational model for security systems, identifying vulnerabilities and providing solutions. These three concepts work together, and the absence of any one of them can compromise the entire information security and assurance process.

  • Confidentiality: Ensures that data is not disclosed to unauthorized individuals or entities.

  • Integrity: Ensures that data remains unaltered and trustworthy, preventing unauthorized tampering or modification.

  • Availability: Ensures that data is accessible and available to authorized users when needed.

3 Classifications of Information

Personal Information - Information that directly identifies an individual, such as their identity and personal details.

Personal Sensitive Information - Information that carries risks and consequences if shared, and should not be posted on social media.

Privileged Information - Information protected by legal privileges, including spousal testimonial privilege, attorney-client relationship, physician-client relationship, religious confession, and public officer information.

Data Privacy Principles

Transparency - Consent, privacy notice, and policy are necessary, allowing sharing of sensitive information with consent.
Legitimate Purpose - Information processing should align with its intended purpose and not be used beyond that.
Proportionality - Limit the collection of information to what is necessary, avoiding unnecessary requests beyond the intended purpose.

Passwords

Passwords are a basic and affordable way to identify individuals, while password management systems facilitate user registration, authentication, and synchronization, as well as enable password resets and cancellations.

Principles of Access Control
Identity: Verify the user's identity.
Authority: Grant user access privileges.
Accountability: Track, analyze, and report user actions.

Cryptography

Cryptography is the art of writing or solving codes and, in modern terms, refers to mathematical techniques for securing digital information against attacks. A cryptosystem consists of encryption and decryption algorithms, using keys to transform plaintext into ciphertext and vice versa.

  • Keytext transforms plaintext to ciphertext and vice versa.

  • Plaintext refers to commonly understood text.

  • Ciphertext is encoded information accessible only through decryption.

Types of Cryptography

Symmetric-key cryptography - Uses a single key for encryption and decryption, allowing the sender and receiver to share the same key.

Asymmetric-key cryptography - Involves a public key and a private key. The public key is shared openly, while the private key remains secret for decryption.

Hashing Function - A cryptographic method that generates a checksum for file verification, ensuring data integrity without the ability to reverse the process.
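The following is an added example, not part of the original lesson. It shows a hash used as a file checksum and why the checksum must come from a trusted source: anyone who alters the file can recompute a plain hash, while a keyed tag (HMAC, which uses a shared symmetric key) cannot be recomputed without the key. The file name, contents, and key are constructed sample values.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_checksum(path, expected_hex):
    """True when the file's digest matches the published checksum."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def keyed_tag(path, key):
    """HMAC-SHA256 tag: only a holder of the shared (symmetric) key can produce it."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def demo():
    """Run the checks on a constructed sample file and return the four results."""
    key = b"constructed-demo-key"  # sample value, not a real secret
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.txt")
        with open(path, "wb") as fh:
            fh.write(b"Quarterly total: 1000\n")  # constructed sample data
        published = sha256_file(path)
        tag = keyed_tag(path, key)
        intact = verify_checksum(path, published)
        with open(path, "wb") as fh:
            fh.write(b"Quarterly total: 9000\n")  # one character altered
        tampered_detected = not verify_checksum(path, published)
        # A checksum recomputed after the change matches the altered file,
        # but the keyed tag made before the change no longer does.
        forged_checksum_passes = verify_checksum(path, sha256_file(path))
        tag_still_valid = hmac.compare_digest(keyed_tag(path, key), tag)
    return intact, tampered_detected, forged_checksum_passes, tag_still_valid
```

Calling demo() returns whether the intact file verified, whether the change was detected, whether a recomputed plain checksum passes, and whether the original keyed tag still matches.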

Cryptography Techniques

Examples of Historical Algorithms:
- Caesar Ciphers
- Simple Substitution Ciphers
- Transposition Ciphers

Examples of Modern Algorithms:
- Stream Ciphers
- Block Ciphers
- Public Key Systems
- Digital Signatures
