1
00:00:00,005 --> 00:00:02,002
- [Narrator] Information security professionals

2
00:00:02,002 --> 00:00:04,007
have broad and important responsibilities

3
00:00:04,007 --> 00:00:07,005
for safeguarding the information and systems

4
00:00:07,005 --> 00:00:11,006
that are often an organization's most valuable assets.

5
00:00:11,006 --> 00:00:14,004
When we think of the goals of information security,

6
00:00:14,004 --> 00:00:19,002
we often use a model known as the CIA triad, shown here.

7
00:00:19,002 --> 00:00:22,001
This model highlights the three most important functions

8
00:00:22,001 --> 00:00:25,004
that information security performs in an enterprise:

9
00:00:25,004 --> 00:00:29,006
confidentiality, integrity, and availability.

10
00:00:29,006 --> 00:00:33,009
Confidentiality ensures that only authorized individuals

11
00:00:33,009 --> 00:00:37,002
have access to information and resources.

12
00:00:37,002 --> 00:00:39,008
Confidentiality is what most people think of

13
00:00:39,008 --> 00:00:42,000
when they think about information security,

14
00:00:42,000 --> 00:00:45,000
keeping secrets away from prying eyes.

15
00:00:45,000 --> 00:00:48,002
And in fact, confidentiality is how most

16
00:00:48,002 --> 00:00:51,007
security professionals spend the majority of their time.

17
00:00:51,007 --> 00:00:55,008
Malicious individuals seeking to undermine confidentiality

18
00:00:55,008 --> 00:00:59,002
are often said to engage in disclosure attacks,

19
00:00:59,002 --> 00:01:01,004
making sensitive information available

20
00:01:01,004 --> 00:01:04,001
to individuals or the general public

21
00:01:04,001 --> 00:01:07,007
without the information owner's consent.

22
00:01:07,007 --> 00:01:10,001
Security professionals are also responsible

23
00:01:10,001 --> 00:01:11,006
for protecting the integrity

24
00:01:11,006 --> 00:01:13,009
of an organization's information.

25
00:01:13,009 --> 00:01:16,005
This means that there aren't any unauthorized

26
00:01:16,005 --> 00:01:18,005
changes to information.

27
00:01:18,005 --> 00:01:21,000
These unauthorized changes may come

28
00:01:21,000 --> 00:01:22,006
in the form of a hacker seeking

29
00:01:22,006 --> 00:01:25,001
to intentionally alter information

30
00:01:25,001 --> 00:01:27,005
or a service disruption that accidentally affects

31
00:01:27,005 --> 00:01:29,006
data stored in a system.

32
00:01:29,006 --> 00:01:32,008
In either case, it's the information security professional's

33
00:01:32,008 --> 00:01:37,000
responsibility to prevent these lapses in integrity.

34
00:01:37,000 --> 00:01:39,003
The final goal of information security

35
00:01:39,003 --> 00:01:43,000
is availability, ensuring that authorized individuals

36
00:01:43,000 --> 00:01:45,002
are able to gain access to information

37
00:01:45,002 --> 00:01:47,000
when they need it.

38
00:01:47,000 --> 00:01:49,008
If users can't access important business records

39
00:01:49,008 --> 00:01:52,005
or systems, that lack of availability

40
00:01:52,005 --> 00:01:55,006
may have a profound impact on the business.

41
00:01:55,006 --> 00:01:58,007
Malicious individuals seeking to undermine

42
00:01:58,007 --> 00:02:00,008
availability engage in attacks

43
00:02:00,008 --> 00:02:03,003
known as denial of service attacks.

44
00:02:03,003 --> 00:02:06,007
These attacks try to either overwhelm a system

45
00:02:06,007 --> 00:02:08,004
or cause it to crash,

46
00:02:08,004 --> 00:02:10,008
therefore denying legitimate users

47
00:02:10,008 --> 00:02:12,004
the access that they need.