​Example- encrypting files

• ​the focus on making sure data transmissions are kept private

• ​Keeping information and communications private and protected from unauthorized access

• Includes trade and military secrets, personnel, health, and tax records

• Controlled via encryption, access control, and steganography

​

Confidentiality

​

​

• ​the process of ensuring that the data sent is what arrives to the intended destination

• ​Keeping organizational information accurate, free of errors, and free from unauthorized modification

• Includes modification of test scores or other information stored on network servers

• Controlled via hashing, digital signatures, certificates, and change control

Integrity

​

​

• we have access to the data we need when we need it.

• Ensuring that computer systems operate continuously and that authorized persons can access the data they need

• Includes ensuring that vital data such as radar images are both captured and distributed to airports

• Controlled via redundancy, fault tolerance, and patching

Availability

​

​

• Confidentiality Concerns

• this is any attempt to get access to information on a host or storage device (data at rest) that you are not authorized to view.

• An attacker might steal a password or find an unlocked workstation with a logged-on user account, or they might install some sort of spyware on the host.

Snooping

​

​•this is snooping on data or telephone conversations as they pass over the network.

• It can be relatively easy for an attacker to "tap" a wired network or intercept unencrypted wireless transmissions.

• Networks can use segmentation and encryption to protect data in-transit.

Eavesdropping/Wiretapping

​

​•Snooping on traffic passing over a network is also often called sniffing.

Sniffing

​

​•this means getting users to reveal information while acting like a trusted source

• ​ authority

• intimidation

• consensus

• scarcity

• familiarity

• urgency​

​

​

​

Social Engineering

​

fraudulent emails and websites

Phishing

​

phishing toward a specific user- typically a company executive- CEO

​​Spear-Phishing

​

Gain confidential info over the phone

​​Vishing

phishing attempts via SMS or text messages

​​Smishing