In this post, we’re going to look at some of the basics of cybersecurity that some people are forgetting.
When most people hear anything about cybersecurity, they think of encryption and locking down systems so hackers can’t steal data.
But there’s much more to security than keeping bad guys out.

Before we begin, let’s briefly explain

What are the basics of cyber security?
While cybersecurity is a vast topic, it can be broken into three cornerstone areas:

1) Confidentiality – making sure data is protected.
2) Integrity – making sure data isn’t tampered with.
3) Availability – making sure resources are always available.

There’s a model that security professionals have developed to explain this concept – the CIA Triangle.

The C-I-A Triad

When we talk about information security, we are talking about securing data.
There are actually three components that form the basics of cybersecurity – confidentiality, integrity, and availability.
We could write a book on this topic.
Let’s briefly discuss each of these so you understand what you’re actually trying to achieve in your security program.

Confidentiality – Basic Cybersecurity Cornerstone #1

Confidentiality is the security foundation that most people immediately think about when they hear cybersecurity.
In security, confidentiality is simply keeping private information private. That is, preventing unauthorized access.

Here’s an analogy that may simplify the point.
In the military, they have different classification levels: Secret, Top-Secret, etc.
The whole point of the classification levels that they use is to keep information a secret.
Only the people with a “need to know” have access to it.
Confidentiality in information security works the same way.

There are numerous ways that an organization can go about enforcing confidentiality.
Organizations use encryption, two-factor authentication, classification systems, and many more.
So, that’s the first pillar in the basics of cybersecurity. Let’s talk about the next – integrity.

Integrity – Basic Cybersecurity Cornerstone #2

Integrity in information security means making sure that data is trustworthy and has not been altered.
This includes both data at rest (files on computers or servers) and data in motion (internet browsing, email browsing).
Think about a medical practice.
They see a patient, look through their charts, and come to the conclusion the patient has some heart condition.
Now, the patient returns later because they have some other sickness – a cold, stomach virus, etc.
When the medical practitioner views the records, there is no note about the heart condition.
They begin to wonder if the medical record is accurate or if it’s been changed.
This is a compromise of integrity.
And now you understand why the ramifications can be so great.

Back to information security.
Within this concept of integrity, you want to be sure that your data hasn’t been changed, deleted, or otherwise tampered with.
There are many ways to go about ensuring integrity.
The use of encryption is one way.
When we talk about files, file permissions are another control that can help with integrity.
If we can be assured that only certain people are even able to edit a file, we reduce some integrity risks.
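
One way to check for the kinds of tampering described above (files changed, deleted or added), as an added example that is not part of the original post. It uses a keyed hash (HMAC-SHA-256) rather than encryption to detect changes and also flags files whose POSIX permissions let any user write to them; the function names, file names and key are assumptions made for illustration.

```python
import hmac
import os
import stat
import tempfile

def file_mac(path, key):
    """Keyed hash (HMAC-SHA-256) of a file's contents; files here are small."""
    with open(path, "rb") as fh:
        return hmac.new(key, fh.read(), "sha256").hexdigest()

def build_manifest(root, key):
    """Baseline: relative path -> keyed hash for every file under root."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_mac(full, key)
    return manifest

def verify(root, key, baseline):
    """Compare current files to the baseline and flag world-writable files."""
    current = build_manifest(root, key)
    changed = [p for p in baseline if p in current
               and not hmac.compare_digest(baseline[p], current[p])]
    writable = [p for p in current
                if os.stat(os.path.join(root, p)).st_mode & stat.S_IWOTH]
    return {"changed": sorted(changed),
            "deleted": sorted(set(baseline) - set(current)),
            "added": sorted(set(current) - set(baseline)),
            "world_writable": sorted(writable)}

def demo():
    """Run the check on constructed sample files in a temporary directory."""
    key = b"constructed-demo-key"  # assumption: real keys live away from the data
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
            os.chmod(os.path.join(root, name), 0o644)  # only the owner may write
        write("chart.txt", "dx: heart condition\n")
        write("notes.txt", "follow-up due\n")
        write("billing.txt", "invoice 1\n")
        baseline = build_manifest(root, key)
        write("chart.txt", "dx: none\n")                    # record altered
        os.remove(os.path.join(root, "notes.txt"))          # record deleted
        write("extra.txt", "unexpected\n")                  # never baselined
        os.chmod(os.path.join(root, "billing.txt"), 0o666)  # permissions loosened
        return verify(root, key, baseline)

print(demo())
```

Because the hash is keyed, someone who can edit the files but does not hold the key cannot produce a matching manifest entry for the altered content.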

Availability – Basic Cybersecurity Cornerstone #3

The final major cornerstone in information security is availability.
Here’s a quick story that will help you understand the availability cybersecurity issue.
There’s a consultant who helps organizations figure out how to respond to and thrive during disasters.
He asked one organization if they had a backup plan in place, to which they, of course, responded yes.
So, he put their plan to the test.
The next morning, he arrived at the facility 30 minutes before everyone else.
He proceeded to put yellow crime tape around each of the building’s six entrances.
As workers arrived, he asked them what they should do; nearly everyone answered that they should initiate the business continuity plan.
The only problem?
The plan was inside of the building.

So, that may be a little bit of an extreme example, but it addresses the point of availability.
As security professionals, part of our job is to ensure that the business has the technical resources it needs at all times.
This can come in so many ways – having enough bandwidth, fending off DDoS attacks, providing backups in case of system failures, and so much more.

We see inadequate planning of availability so often with ransomware attacks.
When the victims are faced with the dilemma, they choose to pay the ransom.
Many times this is because they either don’t have proper backups that they can restore from or their backups will take too long to get.
This is not how you should address the availability needs of your business.
While availability is definitely one of the basics of cybersecurity, so many organizations are getting it wrong and it ends up costing them greatly.
So, be sure you have plans, and test them, to make your company’s IT resources always available.

Conclusion

While the topic of information security is too often made out to be so complex, it can easily be broken into three cornerstones.
Confidentiality, availability, and integrity are the foundational concepts of security.
Really, all of the expensive controls that we implement are meant to protect these three cornerstones that are the basics of cybersecurity.
