I’ve decided to start this new cyber series to help people who want to get into cybersecurity. In the series, I’ll go through different concepts that I have been taught or learnt from experience and I’ll break them down so they’re easy to understand.
The most fundamental thing you should understand is the C.I.A triad. C.I.A stands for Confidentiality, Integrity and Availability. This is used as a guide to help a business secure information. Let’s focus on the ‘C’ part of this triad.
Confidentiality is the protection of data from people that have no business knowing what that data contains. I can’t lie, if someone was to go through the notes app on my phone, they’ll either end up a billionaire or call me a therapist. I have some great ideas on that app and I can’t let just any Temi, Femi or Gbemi have access to it. This is why confidentiality is important as it protects data from people it’s not intended for. Ladies, this also applies to those WhatsApp group chats. How do you have a group chat for your group chat (don’t ask me how I know)? I feel like you’re all in the wrong fields, come over to this side.
There are different ways in which confidentiality is implemented:
Encryption is one method used to put confidentiality into practice. It works by converting readable text into unreadable text, so that anyone who steals the encrypted data will be unable to read it. Services like WhatsApp use end-to-end encryption, which prevents others from seeing the messages sent from one phone to another.
Categorising data based on their privacy requirements – you may have seen tags such as confidential, top secret, public or internal only. These tags determine what level of security you place on the data. If a piece of data is public then no security will be needed on it. However, if the data is top secret it would require multiple levels of security to ensure its safety.
Access Control allows you to control and manage who has access to what data; think of it like the close friends feature on Instagram. You select only the people you want to have access to view your content. It’s similar in the workplace: there will be some applications that you won’t have access to because of the sensitive data they contain.
Frameworks – I’m sure we have all heard of GDPR (General Data Protection Regulation). There are also other frameworks such as PCI-DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act). These frameworks ensure that businesses have the right security controls in place in order to protect their customer data. PCI-DSS is required by companies that hold customer card (debit/credit) data, so banks need to make sure they have this. HIPAA is required by businesses that hold health information, so private hospitals or NHS will need to adhere to this.
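Here is an added example, not part of the original post, showing how the data tags and access control described above can work together in a few lines of Python. The names (Label, User, Document, can_read, parse_label) and the sample people and files are made up for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Label(IntEnum):
    """Classification tags from the post, ordered least to most sensitive."""
    PUBLIC = 0
    INTERNAL_ONLY = 1
    CONFIDENTIAL = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class User:
    name: str
    clearance: Label  # highest tag this person is allowed to read

@dataclass
class Document:
    title: str
    label: Label
    # The "close friends" list: the people who actually need this document.
    allowed: set = field(default_factory=set)

def can_read(user: User, doc: Document) -> bool:
    """Default deny: allow only if clearance AND the access list both pass."""
    if doc.label == Label.PUBLIC:
        return True  # public data has no confidentiality requirement
    if user.clearance < doc.label:
        return False  # the tag is above this user's clearance
    return user.name in doc.allowed  # cleared, but must still be on the list

def parse_label(text: str) -> Label:
    """Map a tag like 'internal only' to a Label; unknown tags fail closed."""
    key = text.strip().upper().replace(" ", "_")
    return Label[key] if key in Label.__members__ else Label.TOP_SECRET

# Constructed sample data (made-up people and files).
temi = User("temi", Label.INTERNAL_ONLY)
femi = User("femi", Label.TOP_SECRET)
gbemi = User("gbemi", Label.TOP_SECRET)

menu = Document("canteen menu", Label.PUBLIC)
payroll = Document("payroll", Label.CONFIDENTIAL, {"femi"})
ideas = Document("notes app ideas", parse_label("super secret"), {"gbemi"})

if __name__ == "__main__":
    for u in (temi, femi, gbemi):
        print(u.name, [d.title for d in (menu, payroll, ideas) if can_read(u, d)])
```

Notice that Gbemi has top secret clearance but still can’t read payroll, because a high clearance alone is not enough without being on the document’s access list.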
Remember that the CIA triad is not the be-all and end-all of security but it is a great start in building a robust strategy. I hope this blog was useful and I’ll cover the ‘I’ and the ‘A’ parts in the next blog.
Love & Guidance
TT
Cheers for this. The cyber security field is definitely on my radar.