What are the five pillars of cyber security?

There are five pillars of cyber security:

  • Confidentiality

  • Integrity

  • Availability

  • Authenticity

  • Non-repudiation

Pillars of cyber security

Confidentiality

Confidentiality means that the user's data is secure. It is an assurance to users that their data will not be disclosed to unauthorized entities without their consent. In addition to this, it also means that the data will be encrypted so that it can't be accessed by third parties. An example of confidentiality from our daily life would be when we message someone on WhatsApp. Only the person who sends the messages and the person who receives them can read them because they are encrypted from end to end.

Encrypted file

Integrity

Integrity means that the data is not tampered with. It refers to the completeness and accuracy of data. This means that if a company has the user's data, they need to ensure that the data doesn't get corrupted in any form of transmission and that no unauthorized entity alters the data in storage. This also means that any change made by a user should be reflected in the system correctly. Let's understand the importance of this principle with an example. Let's assume that there are two friends talking to each other via messages. If, after the message leaves the first person and before it reaches the receiver, it is changed by a third party, that would be a massive breach. So, this principle ensures that something like this doesn't occur.
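The two-friends scenario above, as an added example that is not part of the original article: it contrasts an unkeyed SHA-256 digest, which a third party can simply recompute after altering the message, with an HMAC-SHA256 tag that requires a key only the two friends hold. The function names, the shared key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared key: assumed to be agreed between the two friends out of band.
SHARED_KEY = secrets.token_bytes(32)

def send_with_hash(message: bytes) -> tuple[bytes, bytes]:
    """Weak check: attach an unkeyed SHA-256 digest that anyone can recompute."""
    return message, hashlib.sha256(message).digest()

def verify_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)

def send_with_mac(message: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Stronger check: attach an HMAC-SHA256 tag that needs the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(message: bytes, tag: bytes, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def tamper_in_transit(message: bytes, check: bytes) -> tuple[bytes, bytes]:
    """Simulated third party without the key: changes the text and
    replaces the check value with the only thing it can compute."""
    altered = message.replace(b"7pm", b"9pm")
    return altered, hashlib.sha256(altered).digest()

def demo() -> dict[str, bool]:
    original = b"Meet me at 7pm"  # constructed sample message
    results = {}
    msg, digest = send_with_hash(original)
    results["hash_untouched"] = verify_hash(msg, digest)
    # The altered message passes, because the digest was recomputed too.
    results["hash_tampered_accepted"] = verify_hash(*tamper_in_transit(msg, digest))
    msg, tag = send_with_mac(original, SHARED_KEY)
    results["mac_untouched"] = verify_mac(msg, tag, SHARED_KEY)
    # Without the key, the third party cannot produce a valid tag.
    altered, forged = tamper_in_transit(msg, tag)
    results["mac_tampered_accepted"] = verify_mac(altered, forged, SHARED_KEY)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A shared-key tag like this shows the message was not altered, but either friend could have produced it, so it does not by itself give the non-repudiation described later on this page.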

Preventing data leakage

Availability

Availability means that the user has timely and easy access to their data. This means that if the company has a user's data, they need to ensure that the user can always access the data, even in case of server failure or any database faults. This also means that the company needs to protect its servers or database from malicious attacks which can block data transmission. So, the system needs to have countermeasures against attacks like DDoS, ransomware, blackouts, and many more. This is a very important principle for user satisfaction. Let's take the example of a bank. How would the users of the bank feel if they couldn't access their bank accounts through the app? So, the bank needs to ensure that its users can access their resources at all times.

Easy access to data

Authenticity

Authenticity means verifying users and protecting against third-party entities pretending to be a user. So, the system which sends the data needs to first verify the user's credentials before letting them access the resources. Verification can be done by email, username, passwords, or some other metrics, but it needs to be done in such a way that someone else can't replicate it. A very simple example of authenticity is when we log in to our social media apps with our credentials: unless someone steals our credentials, they cannot access our account.

Authenticated devices

Non-repudiation

Non-repudiation means verifying a transmission. This pillar ensures that the system sending the data is provided with some sort of proof of delivery. It also means that the system which receives the data gets some authentication to verify where the data came from. This pillar ensures that any parties involved in data transmission can't deny sending, receiving, or accessing the data. An example is that when you are talking to someone via messages or calls, this principle ensures that the information is being sent to the correct person and that the transmission is not blocked by any third party.

Secure Mail


Copyright ©2025 Educative, Inc. All rights reserved