Syllabus Point
- Explore fundamental software design security concepts when developing programming code
Including:
- confidentiality
- integrity
- availability
- authentication
- authorisation
- accountability
Understanding the CIA Triad, authentication, authorisation, and accountability is essential for building secure systems that protect sensitive information and maintain trust.
About the CIA triad
The CIA triad is an information security model that looks at confidentiality, integrity, and availability, as well as the relationships between these principles. Prioritising one principle can mean a tradeoff for the others.
Confidentiality
Confidentiality ensures that sensitive data and information are kept private and are only accessible to authorised users. It can be strengthened with access-control methods (MFA), encryption, authentication, and data classification.
How to ensure confidentiality
- Encrypt sensitive data at rest and in transit
- Use secure communication protocols (eg HTTPS)
Integrity
Integrity means ensuring that data can be trusted and hasn't been tampered with: it stays accurate, consistent and trustworthy over its entire lifecycle. It is maintained through access control, encryption and hashing. It prevents unauthorised modification of data, eg using hashing when sending data.
How to ensure integrity
- Checksums
- Digital signatures
- Hash functions
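The difference between a plain hash and a keyed integrity check when sending data, as an added example that is not part of the original notes. It uses HMAC-SHA256, a keyed hash the notes do not name, and the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example (assumptions, not from the notes).
SHARED_KEY = b"example-shared-secret"
MESSAGE = b"pay $100 to account 12345"


def checksum(data: bytes) -> str:
    """Plain SHA-256 digest: anyone can compute it, no secret involved."""
    return hashlib.sha256(data).hexdigest()


def make_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(checksum(data), digest)


def verify_tag(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest compares in constant time to avoid leaking how many
    # leading characters of the tag matched.
    return hmac.compare_digest(make_tag(data, key), tag)


def demo() -> dict:
    """Sender transmits MESSAGE with a digest and a tag; receiver checks both."""
    digest, tag = checksum(MESSAGE), make_tag(MESSAGE, SHARED_KEY)
    altered = MESSAGE.replace(b"$100", b"$900")  # modified in transit
    return {
        "intact_checksum_ok": verify_checksum(MESSAGE, digest),
        "intact_tag_ok": verify_tag(MESSAGE, tag, SHARED_KEY),
        # Accidental corruption: the original digest no longer matches.
        "altered_old_checksum_ok": verify_checksum(altered, digest),
        # Deliberate change: whoever alters the data can recompute the plain
        # digest too, so a bare hash sent alongside the data proves nothing.
        "altered_new_checksum_ok": verify_checksum(altered, checksum(altered)),
        # Without the key, a matching tag cannot be recomputed.
        "altered_old_tag_ok": verify_tag(altered, tag, SHARED_KEY),
        "altered_wrong_key_tag_ok": verify_tag(
            altered, make_tag(altered, b"guessed-key"), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A checksum on its own catches accidental corruption; the keyed tag is what lets the receiver reject a deliberate change.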
Availability
Availability means authorised users have efficient access to the information they need when they need it. This involves designing systems that are resilient to downtime and have regular maintenance.
Denial of Service (DoS) attacks aim to limit the availability of systems, so have bot detection and other mitigations in place. The application should remain responsive even under heavy traffic or during attacks. Systems can still fail without an intentional attack, eg power outages.