CIA Triad

Explanation on Confidentiality, Integrity, Authentication, Authorization, Access Control, Non-repudiation

Uploaded by rampagesins23

1. Confidentiality
Definition: Confidentiality refers to the protection of information from
unauthorized access or disclosure. It ensures that sensitive data is only
accessible by those with the necessary permissions.

Purpose: The primary goal of confidentiality is to safeguard sensitive information
like personal data, financial records, or proprietary business data from being
accessed by unauthorized users or systems. This is crucial in maintaining trust and
privacy in both personal and business contexts.

Techniques:

Encryption: Encrypting data transforms it into a secure format that can only be
read or decrypted by authorized parties with the correct encryption key.
Access Controls: These include password protections, biometrics, and security
tokens that limit access to sensitive data.
Data Masking: In some cases, sensitive data is "masked" or obfuscated, hiding it
from unauthorized users.
Network Segmentation: Limiting access to sensitive data by separating it within
specific network environments that are only accessible to authorized users.
Example: When you send personal information through a secure website (HTTPS),
encryption protects it from being intercepted and viewed by unauthorized parties.

2. Integrity
Definition: Integrity refers to maintaining the accuracy, consistency, and
trustworthiness of data throughout its lifecycle. It ensures that data remains
unaltered unless changes are made by authorized users.

Purpose: The goal of integrity is to protect information from being modified in
unauthorized ways, whether through accidental changes, data corruption, or
malicious activities. This is vital for ensuring that data remains reliable and
that decisions based on that data are accurate.

Techniques:

Hashing: A cryptographic hash function produces a fixed-size string (hash) from
data. Even a small change in the data will produce a completely different hash,
making it easy to detect tampering.
Checksums: A method used to verify the integrity of files and data by comparing a
computed value (checksum) with the original.
Digital Signatures: A digital signature not only verifies the origin of the data
(authenticity) but also ensures that the data hasn’t been altered in transit.
Version Control: In software development or document management, version control
systems track changes and ensure data integrity by preserving previous versions.
Example: When downloading software, a hash value may be provided. After
downloading, users can check the file’s hash to ensure that it matches the original
and hasn’t been tampered with.
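
The download check described in the example above, written out as an added Go example (not code from the original document). The payload and the "published" digest are constructed inline so it runs offline; in practice the digest comes from the vendor's page.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// samplePayload stands in for a downloaded installer so the check runs
// offline (constructed bytes, not a real file).
var samplePayload = []byte("installer-v1.0 (constructed sample bytes)")

// PublishedHash is what a vendor lists next to the download: the
// SHA-256 of the genuine file, as lowercase hex.
func PublishedHash(genuine []byte) string {
	sum := sha256.Sum256(genuine)
	return hex.EncodeToString(sum[:])
}

// VerifyDownload recomputes the SHA-256 of the downloaded bytes and
// compares it with the published digest. The published value is
// decoded and length-checked first, so a malformed or truncated
// digest is an error rather than a silent pass; the final compare
// is constant-time.
func VerifyDownload(downloaded []byte, publishedHex string) (bool, error) {
	want, err := hex.DecodeString(publishedHex)
	if err != nil {
		return false, fmt.Errorf("published hash is not valid hex: %w", err)
	}
	got := sha256.Sum256(downloaded)
	if len(want) != len(got) {
		return false, fmt.Errorf("published hash is %d bytes, SHA-256 is %d", len(want), len(got))
	}
	return subtle.ConstantTimeCompare(got[:], want) == 1, nil
}

func main() {
	published := PublishedHash(samplePayload)
	ok, _ := VerifyDownload(samplePayload, published)
	fmt.Println("intact download verifies:", ok) // true

	// Flip one bit: the digest changes completely and the check fails.
	tampered := append([]byte(nil), samplePayload...)
	tampered[0] ^= 0x01
	ok, _ = VerifyDownload(tampered, published)
	fmt.Println("tampered download verifies:", ok) // false
}
```

The check only helps if the published hash is obtained from a source the attacker cannot also alter; if file and hash sit on the same compromised mirror, both get replaced together, which is why vendors additionally sign their hashes.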

3. Authenticity
Definition: Authenticity ensures that the data, communication, or user is genuine
and has not been impersonated. It verifies that users, messages, and data come from
legitimate sources.

Purpose: The aim of authenticity is to prevent forgery, impersonation, and spoofing
attacks. This is particularly important for sensitive transactions, secure
communication, and digital certificates.

Techniques:

Multi-Factor Authentication (MFA): MFA combines multiple authentication factors
(like a password, a one-time code, or a biometric verification) to verify user
identity.
Digital Certificates: Public key infrastructure (PKI) uses digital certificates to
confirm the identity of parties involved in digital communication.
Cryptographic Signatures: A digital signature verifies the identity of the sender
and ensures the authenticity of a message.
Challenge-Response Authentication: A method where a system challenges the user or
entity to provide information or complete a task that only an authentic party could
successfully perform.
Example: When logging into an online banking system, MFA (like a password and a
code sent to your phone) helps ensure that the person trying to access the account
is authentic.

4. Access Control
Definition: Access control refers to the methods and mechanisms used to regulate
who or what can view or use resources in a computing environment. It ensures that
only authorized entities have access to specific resources, data, or systems.

Purpose: The purpose of access control is to enforce security policies that
restrict access to sensitive data, systems, or physical spaces, ensuring that
unauthorized users cannot gain access to them.

Types of Access Control:

Discretionary Access Control (DAC): Access is based on the identity of the user and
the owner’s discretion. Users are granted permissions based on the access rights
assigned by the owner.
Mandatory Access Control (MAC): Users cannot modify access control settings, and
access decisions are made based on predefined policies set by the system.
Role-Based Access Control (RBAC): Access is determined by the user’s role within an
organization, where roles are assigned specific permissions.
Attribute-Based Access Control (ABAC): Access decisions are based on a variety of
attributes related to users, environments, and resources.
Example: In a corporate environment, different departments (HR, finance, IT) are
given access only to files and systems necessary for their roles, based on access
control policies.

5. Non-Repudiation
Definition: Non-repudiation ensures that once a party in a communication or
transaction has sent a message or performed an action, they cannot deny having done
so. It provides proof of the origin and integrity of data or communication,
protecting against denial of involvement.

Purpose: Non-repudiation is crucial in legal and commercial transactions, where it
is important to prove that a party has acknowledged or agreed to a transaction. It
provides accountability and transparency, especially in financial dealings,
contractual agreements, and secure communications.

Techniques:

Digital Signatures: When a document or message is digitally signed, the sender
cannot later deny their involvement, since only the holder of their private signing
key could have produced that signature.
Audit Logs: Detailed records of user actions are kept to prove their involvement in
a process or transaction.
Blockchain: Some systems use blockchain to record immutable transactions, ensuring
non-repudiation in decentralized systems.
Example: In e-commerce, when a user digitally signs a contract or approves a
transaction, the system can use a digital signature to prove that the user
initiated or agreed to that transaction, preventing them from later denying it.
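
An added Go example (not code from the original document) covering both the Authenticity section above and this Non-Repudiation section: an Ed25519 signature ties a message to the holder of one private key, so verification fails when the message is altered or attributed to the wrong party. For contrast it also computes an HMAC under a shared key, which either holder could have produced. Party names, the order text and the shared key are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party holds a fresh Ed25519 key pair; the private key never leaves it.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Pub: pub, priv: priv}
}

// Sign produces a signature that only the holder of p.priv can create.
func (p Party) Sign(msg []byte) []byte { return ed25519.Sign(p.priv, msg) }

// VerifyFrom checks that msg was signed by the holder of claimedPub and is
// unchanged since; false means the message was altered or the origin is false.
func VerifyFrom(claimedPub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(claimedPub, msg, sig)
}

// HMACTag is the contrast case: a MAC under a shared key proves integrity and
// authenticity between its two holders, but either could have made it, so it
// offers a third party no proof of who did (no non-repudiation).
func HMACTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

func main() {
	alice, bob := NewParty(), NewParty()
	order := []byte("approve transfer to account 1234") // constructed message
	sig := alice.Sign(order)
	fmt.Println("order signed by Alice:", VerifyFrom(alice.Pub, order, sig))                    // true
	fmt.Println("same order attributed to Bob:", VerifyFrom(bob.Pub, order, sig))               // false
	fmt.Println("order altered after signing:", VerifyFrom(alice.Pub, append(order, '!'), sig)) // false
	shared := []byte("key both sides hold")                                                     // constructed shared secret
	fmt.Println("Bob can reproduce Alice's MAC:", hmac.Equal(HMACTag(shared, order), HMACTag(shared, order))) // true
}
```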

6. Authorization
Definition: Authorization is the process of determining what resources a user or
system is permitted to access after they have been authenticated. It defines what
actions or resources are available based on permissions.

Purpose: Authorization ensures that authenticated users or systems are granted
appropriate access to resources based on their permissions, role, or policies. It
helps protect sensitive data and systems from unauthorized use or misuse.

Techniques:

Access Control Lists (ACLs): ACLs specify what operations (read, write, execute) a
user or system can perform on a resource.
Role-Based Access Control (RBAC): Users are authorized based on their role, which
defines the resources and systems they can access.
OAuth and Tokens: OAuth provides a secure method for granting temporary access to
resources, commonly used in web applications.
Policy-Based Authorization: Policies define access rights, specifying what
conditions must be met for a user to gain access to a resource.
Example: After logging into a company's intranet (authentication), an employee is
authorized to access only certain files or systems, depending on their department
or job role.
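
An added Go example (not code from the original document) for the Access Control and Authorization sections above: a small default-deny RBAC check that grants permissions to roles rather than users and refuses any request that has not passed authentication first. The role names, resource classes and the policy table are a constructed version of the departmental example in the text.

```go
package main

import "fmt"

// Permission pairs an action with a class of resources (hr-files, ...):
// roles are granted a class, never individual files one by one.
type Permission struct {
	Action        string
	ResourceClass string
}

// Policy maps each role to its permissions. Grants hang on roles, not
// users, so a job change is a role change, not a per-user rewrite.
type Policy struct{ rolePerms map[string][]Permission }

// User is the subject after login; Authenticated records whether login succeeded.
type User struct {
	Authenticated bool
	Roles         []string
}

// Authorize is default-deny: true only for an authenticated user one of
// whose roles explicitly grants action on resourceClass.
func (p Policy) Authorize(u User, action, resourceClass string) bool {
	if !u.Authenticated { // authorization only follows authentication
		return false
	}
	for _, role := range u.Roles {
		for _, perm := range p.rolePerms[role] {
			if perm.Action == action && perm.ResourceClass == resourceClass {
				return true
			}
		}
	}
	return false
}

// corpPolicy is a constructed version of the page's departmental example.
var corpPolicy = Policy{rolePerms: map[string][]Permission{
	"hr":      {{"read", "hr-files"}, {"write", "hr-files"}},
	"finance": {{"read", "finance-files"}, {"write", "finance-files"}},
	"it":      {{"read", "it-systems"}, {"admin", "it-systems"}},
	"auditor": {{"read", "hr-files"}, {"read", "finance-files"}},
}}

func main() {
	priya := User{Authenticated: true, Roles: []string{"finance", "auditor"}}
	fmt.Println(corpPolicy.Authorize(priya, "write", "finance-files")) // true
	fmt.Println(corpPolicy.Authorize(priya, "write", "hr-files"))      // false: auditor is read-only
}
```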
