Understanding CIA Triad In Cyber Security
As shown in the figure, the CIA triad consists of three components of information security:
- Confidentiality – Only authorized individuals, entities, or processes can access sensitive information.
- Integrity – This refers to the protection of data from unauthorized alteration.
- Availability – Authorized users must have uninterrupted access to the network resources and data that they require.
Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.
Zero Trust Security
Zero trust is a comprehensive approach to securing all access across networks, applications, and environments. This approach helps secure access from users, end-user devices, APIs, IoT, microservices, containers, and more. It protects an organization’s workforce, workloads, and workplace.
The principle of a zero-trust approach is, “never trust, always verify.” Assume zero trust any time someone or something requests access to assets. A zero-trust security framework helps to prevent unauthorized access, contain breaches, and reduce the risk of an attacker’s lateral movement through a network.
Traditionally, the network perimeter, or edge, was the boundary between inside and outside, or trusted and untrusted. In a zero-trust approach, any place at which an access control decision is required should be considered a perimeter.
This means that although a user or other entity may have successfully passed access control previously, they are not trusted to access another area or resource until they are authenticated. In some cases, users may be required to authenticate multiple times and in different ways, to gain access to different layers of the network.
The three pillars of zero trust are workforce, workloads, and workplace.
Access Control Models
A security analyst should understand the basic access control models in order to better understand how attackers can break access controls.
The table lists various types of access control methods.
|Access Control Model|Description|
|---|---|
|Discretionary access control (DAC)| |
|Mandatory access control (MAC)| |
|Role-based access control (RBAC)| |
|Attribute-based access control (ABAC)|ABAC allows access based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and environmental factors regarding how the object is to be accessed, such as time of day.|
|Rule-based access control (RBAC)| |
|Time-based access control (TAC)|TAC allows access to network resources based on time and day.|
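The ABAC row above, as an added example that is not part of the original article: each request is decided from subject attributes, object attributes and one environmental attribute (time and day, which is also what TAC checks), with anything unknown or missing denied. The attribute names, the policy and the business-hours window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Request:
    subject: dict   # attributes of the user (department, clearance)
    obj: dict       # attributes of the resource (owner_dept, sensitivity)
    action: str
    when: datetime  # environmental attribute: time of the request

def same_department(r):
    # A missing attribute must never match another missing attribute.
    dept = r.subject.get("department")
    return dept is not None and dept == r.obj.get("owner_dept")

def clearance_sufficient(r):
    # Defaults are chosen so that a missing attribute fails the check.
    return r.subject.get("clearance", 0) >= r.obj.get("sensitivity", 99)

def business_hours(r):
    # Monday to Friday, 08:00-18:00 (assumed window for this example).
    return r.when.weekday() < 5 and time(8) <= r.when.time() < time(18)

# Hypothetical policy: every rule listed for an action must pass.
POLICY = {
    "read": [same_department, clearance_sufficient],
    "write": [same_department, clearance_sufficient, business_hours],
}

def decide(r):
    """Return (allowed, names of failed rules); unknown actions are denied."""
    rules = POLICY.get(r.action)
    if rules is None:
        return False, ["no_policy_for_action"]
    failed = [rule.__name__ for rule in rules if not rule(r)]
    return not failed, failed

# Constructed sample data.
ALICE = {"department": "finance", "clearance": 3}
LEDGER = {"owner_dept": "finance", "sensitivity": 2}
TUESDAY_10AM = datetime(2024, 3, 5, 10, 0)
SATURDAY_10AM = datetime(2024, 3, 9, 10, 0)

if __name__ == "__main__":
    for action, when in [("read", SATURDAY_10AM), ("write", TUESDAY_10AM),
                         ("write", SATURDAY_10AM), ("delete", TUESDAY_10AM)]:
        print(action, when, decide(Request(ALICE, LEDGER, action, when)))
```

Returning the names of the failed rules gives the analyst an auditable reason for every denial, and re-evaluating on each request matches the zero-trust point that an earlier successful access grants nothing for the next one.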