RC-CyberEdge | cybersecurity

RUST COLLEGE HAS PARTNERED WITH NISSAN TO CREATE THE NISSAN-RC CYBERSECURITY SIMULATION LAB

The 7 Pillars of Cybersecurity

The 7 Pillars of Cybersecurity:

Protecting Your Digital World In order to understand cybersecurity let's first dive into the security framework that can help strengthen your digital protection.This security framework, which is known as "CIANA + PS" covers seven key areas:

These principles ensure that information remains secure, reliable and accessible. Let's break this down a little bit further and begin with what is known as the CIA triad. The CIA Triad is a foundational model in cybersecurity that represents the three core principles of information security: Confidentiality, Integrity, and Availability. 

The CIA Triad: The Foundation of Cybersecurity

The CIA Triad is a security model designed to guide policies for information security within organizations.It consists of three key principles:

1. Confidentiality:

Protecting Data from Unauthorized Access Definition: Confidentiality ensures that sensitive information is only accessible to authorized individuals. It prevents unauthorized users, hackers, or insiders from accessing or disclosing data.

Key Strategies to Maintain Confidentiality:

Encryption:

Converts data into a coded format that only authorized users can decrypt.

Access Controls:

Uses authentication methods like passwords, biometrics, and multi-factor authentication (MFA).

Data Masking & Tokenization:

Hides sensitive data from unauthorized users.

Least Privilege Principle:

Users only get access to the minimum necessary data for their role.

Real-World Example:

Online banking platforms use encryption and MFA to ensure only the account holder can access their financial data.

2. Integrity: Ensuring Accuracy & Trustworthiness of Data Definition:

Integrity ensures that information remains accurate, complete, and unaltered unless modified by authorized individuals. It prevents unauthorized modifications, whether intentional or accidental.

Key Strategies to Maintain Integrity:

Screenshot 2025-03-07 at 11.18.16 AM.png

Hashing:

Converts data into a unique string of characters (hash value) that changes if the data is altered.

Screenshot 2025-03-07 at 11.18.24 AM.png

Checksums & Digital Signatures:

Detect and verify changes in transmitted data.

Access Control & Logging:

Tracks and monitors changes to prevent unauthorized alterations.

Screenshot 2025-03-07 at 11.18.41 AM.png

Data Backups & Redundancy:

Prevents data loss from corruption or cyberattacks.

Real-World Example:

When you download software, integrity checks ensure that the file hasn’t been tampered with by hackers.

3. Availability: Ensuring Reliable Access to Data & Systems Definition:

Availability ensures that data and resources are accessible when needed, without disruption from cyber threats, hardware failures, or other interruptions.

Key Strategies to Maintain Integrity:

Screenshot 2025-03-07 at 11.27.19 AM.png

Redundant Systems & Backups:

Ensures access even during failures.

Screenshot 2025-03-07 at 11.27.25 AM.png

DDoS Protection:

Prevents malicious attacks that overload systems.

Screenshot 2025-03-07 at 11.27.31 AM.png

Disaster Recovery & Incident Response Plans:

Keeps operations running in case of outages.

Screenshot 2025-03-07 at 11.27.38 AM.png

Regular Software & Hardware Maintenance:

Prevents system crashes and vulnerabilities.

Real-World Example:
Cloud storage services (like Google Drive) use backup servers to ensure files remain available even if one data center fails.

By implementing the CIA Triad, businesses and individuals can strengthen cybersecurity and protect critical information from evolving threats.

Now let's move on to Nonrepudiation and Authentication. In cybersecurity, Non-Repudiation and Authentication are critical security principles that help ensure data integrity, accountability, and trust in digital transactions. Let’s break them down in detail:

4. Non-Repudiation: Ensuring Accountability in Digital Actions Definition:

Non-repudiation is a security principle that prevents an entity (user or system) from denying their actions or transactions after they have taken place. It ensures that there is undeniable proof that an action was performed by a specific entity.

How Non-Repudiation Works:
Non-repudiation is achieved through digital evidence that links actions to users, preventing them from falsely claiming they did not perform a specific transaction.

Key Mechanisms for Non-Repudiation:

Digital Signatures

Uses cryptographic algorithms to verify the authenticity and origin of digital messages or documents.
Example: When you e-sign a contract, a cryptographic hash ensures it hasn’t been altered.

Public Key Infrastructure (PKI)

A framework that uses encryption keys to validate identities and ensure the authenticity of digital communications.
Example: SSL/TLS certificates in secure web transactions.

Audit Logs and Event Tracking

Records user actions, timestamps, and system events to create an evidence trail.
Example: Bank systems log every online transaction to prove user activity.

Time Stamping Services

Attaches an immutable timestamp to a transaction to confirm when it took place.
Example: Email timestamps that confirm when a message was sent and received.

Real-World Example:

Imagine an employee digitally signs a financial report before submitting it. If a dispute arises later, the digital signature proves that they were the author and cannot deny submitting it.

5. Authentication: Verifying Identities Before Granting Access Definition:

Authentication is the process of verifying the identity of users, devices, or systems before granting them access to resources. It ensures that only authorized individuals can interact with a system.

Types of Authentication:
Authentication is generally classified into three categories:

Something You Know (Knowledge-Based Authentication) Requires users to provide information only they know. Examples: Passwords, PINs, security questions.
Something You Have (Possession-Based Authentication) Uses a physical device or token to verify identity. Examples: Smart cards, OTPs (one-time passwords), authentication apps, security tokens.
Something You Are (Biometric Authentication)Uses unique biological traits for verification. Examples: Fingerprint scanning, facial recognition, retina scanning.

Real-World Example:

When logging into an online banking app, you might enter your password (something you know) and then receive a one-time code (OTP) on your phone (something you have) to confirm your identity.

By implementing Non-Repudiation and Authentication together, organizations can create a secure, verifiable, and tamper-proof environment for their digital operations.

Let's not forget the importance Privacy and Safety. In the digital world, Privacy and Safety are critical aspects of cybersecurity that protect individuals and organizations from threats such as data breaches, identity theft, and cyberattacks. While privacy focuses on controlling access to personal data, safety ensures that users remain protected from harm in online and digital environments. Let’s explore both concepts in detail.

6. Privacy: Controlling Access to Personal and Sensitive Information What is Privacy?:

Privacy refers to the right of individuals and organizations to control their personal data, ensuring that information is only shared with authorized parties. It involves protecting sensitive details such as names, addresses, social security numbers, financial records, and medical history.

Key Principles of Privacy (Fair Information Practices – FIPPs):
✔ Data Minimization: Collect only the necessary data.
✔ Purpose Limitation: Use data only for the intended purpose.
✔ Consent & Control: Users should have control over their information.
✔ Transparency: Organizations must disclose how they handle data.
✔ Security & Protection: Data must be safeguarded from unauthorized access.

How to Protect Privacy:

✔ Use Strong Passwords & Multi-Factor Authentication (MFA).
✔Limit Personal Information Shared Online.
✔ Check Privacy Settings on Social Media & Apps.
✔ Use End-to-End Encryption for Communication.
✔ Be Cautious About Public Wi-Fi Networks.
✔ Understand & Exercise Data Rights (GDPR, CCPA).

Real-World Example:

The Facebook–Cambridge Analytica scandal exposed how millions of users' personal data were collected without consent and used for political profiling. This incident raised global concerns about data privacy and regulation.

7. Safety: Protecting Users from Cyber Threats and Digital Harm What is Safety in Cybersecurity?

Safety focuses on protecting individuals, organizations, and systems from cyber threats, digital manipulation, and malicious activities. It involves safeguarding both physical and psychological well-being from digital risks.

Key Elements of Cyber Safety:
✔ Safe Online Behavior: Educating users about risks and safe browsing practices.
✔ Protection from Cyberbullying & Harassment: Ensuring digital spaces are free from threats.
✔ System & Network Security: Keeping devices and networks protected from intrusions.
✔ Resilience Against Attacks: Developing strategies to recover from cyber incidents.

How to Stay Safe Online:

✔ Keep Software & Devices Updated to Fix Security Vulnerabilities.
✔ Avoid Clicking Suspicious Links or Downloading Unknown Files.
✔ Use Firewalls & Antivirus Software for Protection.
✔ Be Aware of Scams and Social Engineering Tactics.
✔ Secure IoT Devices with Strong Passwords & Updates.
✔ Educate Employees & Users About Cyber Safety Best Practices.

Real-World Example:

In 2021, a ransomware attack on Colonial Pipeline led to fuel shortages across the U.S. The attackers exploited a weak password, disrupting critical infrastructure and demonstrating the importance of strong cyber safety practices.

Final Thoughts

Privacy and safety are essential in today's connected world, where cyber threats are constantly evolving. By adopting privacy-conscious behaviors and implementing strong safety measures, individuals and organizations can reduce risks and maintain control over their digital lives.