CISSP – Domain 1 – Security and Risk Management

Which of the following most closely matches the description “seeks to prevent unauthorized modification of information”?

Integral

Integrity

Confidential

Secret

Integrity seeks to prevent unauthorized modification of information.

The goal of Integrity is to prevent unauthorized modification of information. The modification can come from an authorized person making an unauthorized, or simply erroneous, update. It can also mean preventing an unauthorized person from making an update at all. Either way, Integrity ensures there are no unauthorized changes to data. The cybersecurity professional needs to be aware of two types of integrity: data integrity and system integrity. Data integrity seeks to protect the data; system integrity seeks to protect the computer system itself (think of a Red Hat server). Getting back to the medical field, authorized individuals make unauthorized updates to patient information on a daily basis. Do a Google search for “die from wrong blood type”.

For a more down-to-earth example, think of the many transactions that happen at a typical bank branch in a day. Bank customers expect their transactions to be accurate. The balance should always reconcile, no matter how many transactions occur in a given month or what their values are. The value of the funds withdrawn and the value of the funds deposited need to be consistent. This is a function of integrity.

Several technologies exist that support preserving Integrity. A digital signature provides for the authenticity of digital messages, which, among other things, ensures that the message was not altered in transit. A rather old technology, used in everything from modem transmission to storing data in RAID 5, is the parity bit. Checksums are similar to parity bits: a checksum is a block of digital data used to detect errors that may have been introduced during transmission or storage. Each of these helps ensure the Integrity of data for the user.
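As an added illustration (not part of the original post), the Python below compares the three mechanisms just named on a constructed bank record: a parity bit, an unkeyed SHA-256 checksum, and a keyed HMAC standing in for a digital signature. The record, the key and the flipped bit positions are made-up sample values.

```python
import hashlib
import hmac

# Constructed sample data: a bank transaction record and a demo shared key.
RECORD = b"ACCT=1234 DEPOSIT=500.00"
KEY = b"constructed-demo-key"

def parity_bit(data: bytes) -> int:
    """Even-parity bit: 1 when the number of set bits in data is odd."""
    return sum(bin(b).count("1") for b in data) % 2

def checksum(data: bytes) -> str:
    """Unkeyed checksum (SHA-256): catches accidental change, not forgery."""
    return hashlib.sha256(data).hexdigest()

def verify_checksum(data: bytes, tag: str) -> bool:
    return checksum(data) == tag

def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed tag (HMAC-SHA256): like a signature, it cannot be recomputed
    by someone who does not hold the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    # Constant-time comparison so the check itself leaks nothing.
    return hmac.compare_digest(mac_tag(key, data), tag)

def flip_bits(data: bytes, positions) -> bytes:
    """Constructed 'line noise': flip the given bit positions in data."""
    buf = bytearray(data)
    for pos in positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)

def integrity_demo() -> dict:
    """Show what each mechanism does and does not detect."""
    one_bit = flip_bits(RECORD, [3])          # single transmission error
    two_bit = flip_bits(RECORD, [3, 70])      # two errors: parity unchanged
    edited = RECORD.replace(b"500.00", b"900.00")  # unauthorised update
    return {
        # Parity catches an odd number of flipped bits only.
        "parity_one_bit": parity_bit(RECORD) != parity_bit(one_bit),
        "parity_two_bit": parity_bit(RECORD) != parity_bit(two_bit),
        # A checksum catches both, but an editor can simply recompute it.
        "checksum_two_bit": not verify_checksum(two_bit, checksum(RECORD)),
        "checksum_fooled_by_recompute": verify_checksum(edited, checksum(edited)),
        # A keyed tag over the original no longer matches the edited record,
        # and a tag made without the real key is rejected.
        "mac_rejects_edit": not verify_mac(KEY, edited, mac_tag(KEY, RECORD)),
        "mac_rejects_wrong_key": not verify_mac(KEY, edited, mac_tag(b"guess", edited)),
    }
```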

CISSP – Confidentiality

Which of the following best represents the description – “seeks to prevent the unauthorized disclosure of information”?

So our choices for this question are:

Confidentiality

Integrity

Secret

Private

The answer is … Confidentiality.

Confidentiality

The purpose of confidentiality is to inhibit the unauthorized disclosure of information, which makes Disclosure the opposite of Confidentiality. The cybersecurity professional must keep data secret, so we need to keep unauthorized people and systems from accessing data they have no business seeing. Confidentiality is often associated with safeguarding PII, or Personally Identifiable Information. PII can take many forms, such as credit card information, a social security number, a driver's license number, or any other data that can personally identify an individual.

Data must be safeguarded such that only users who have clearance, formal approval, and a need to know can access it. Need to know is an interesting qualifier, as some users within an organization may have clearance for data but no real need to know it. This happens frequently in top secret government locations. Without a need to know, users are not allowed to see data they may otherwise have clearance to view.

Privacy is closely associated with Confidentiality. Numerous countries around the world have laws specifically geared to protecting the privacy of their citizens. The United States is not one of them. Instead there is a piecemeal set of regulations, such as HIPAA, Sarbanes–Oxley, and Gramm–Leach–Bliley, that provides a rudimentary foundation for privacy. The Health Insurance Portability and Accountability Act (HIPAA) is specific to the medical field. It requires that medical providers keep the medical information of their patients private. To some extent it makes working with your provider more difficult, as you have to specifically indicate who they can talk to about your condition, including your spouse. Now for some, I can see where that could be an issue (think of a spouse that has something to hide, perhaps about certain of their activities). For me, it is just a pain that I have to fill out more paperwork, but the intent is safeguarding Confidentiality.