Table of Content

CIA Triad form the foundation security

Confidentiality

• Only authorized users should be able to access data
• Some information/data is public and can be accessed by anyone, some is secret and should be only accessed by specific people

Integrity

• Data should not be tampered with (modified) by unauthorized users
• Data should be correct and authentic

Availability

• The network/systems should be operational and accessible to authorized users

Vulnerability, Exploit, Threat, Mitigation

• A vulnerability is any potential weakness that can compromise the CIA of a system
  • A potential weakness isn’t a problem on its own
• An exploit is something that can potentially be used to exploit the vulnerability
  • Something that can potentially be used as an exploit isn’t a problem on it’s own
• A threat is the potential of a vulnerability to be exploited
  • A hacker exploiting a vulnerability in your system is a threat
• A mitigation technique is something that can protect against threats
  • Should be implemented everywhere a vulnerability can be exploited: Client devices, servers, switches, routers, firewalls, etc.