Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,030 --> 00:00:04,660
Welcome to the practice activity related to CAA Triad.
2
00:00:05,260 --> 00:00:10,480
So in this practice activity, I'm going to share with you a couple of situations and then I'm going
3
00:00:10,480 --> 00:00:16,470
to ask you to identify if you can correctly detect which pillar of CIA has been violated.
4
00:00:16,480 --> 00:00:21,100
It's going to allow you to apply some of the knowledge that you've learned in the previous lecture.
5
00:00:21,850 --> 00:00:22,690
So let's begin.
6
00:00:23,230 --> 00:00:30,400
So let's say you work as a cloud engineer in your enterprise, and your job is basically to maintain
7
00:00:30,400 --> 00:00:33,850
and access the data stored on the cloud for your company.
8
00:00:33,850 --> 00:00:34,150
Right.
9
00:00:34,600 --> 00:00:40,990
So one fine morning, you walk into your office and you want to log in to your system in order to access
10
00:00:40,990 --> 00:00:43,480
the data of your company, which resides on the cloud.
11
00:00:44,020 --> 00:00:49,990
And when you do the log in, you see this error message that your account has been locked due to multiple
12
00:00:49,990 --> 00:00:51,430
failed attempts to log in.
13
00:00:52,120 --> 00:00:57,610
Now, clearly, someone tried to access your account to give the password maybe a couple of times,
14
00:00:57,610 --> 00:01:01,210
and as a security measure, the cloud company has locked your account.
15
00:01:02,170 --> 00:01:06,200
Now, which pillar of CIA has been violated in this instance?
16
00:01:06,220 --> 00:01:07,640
Is it confidentiality?
17
00:01:07,660 --> 00:01:10,240
Is it integrity or is it a availability?
18
00:01:10,750 --> 00:01:12,610
I'm going to wait for a few seconds.
19
00:01:12,610 --> 00:01:15,310
And in the meantime, you can try to come up with the solution.
20
00:01:24,240 --> 00:01:30,810
So in this particular situation, the pillar that has been violated is actually availability.
21
00:01:31,530 --> 00:01:37,410
See, the point is that since your account is locked and imagine if you really need access to some data
22
00:01:37,410 --> 00:01:42,690
immediately, maybe, you know, a client has requested something or one of your applications needs,
23
00:01:42,690 --> 00:01:43,740
you know, some of the data.
24
00:01:44,310 --> 00:01:49,170
So at this point in time, you have an issue of availability of your data, right?
25
00:01:49,470 --> 00:01:54,930
Obviously, you may be able to resolve it eventually by working with the Help Desk or maybe you have
26
00:01:54,930 --> 00:02:00,120
a backup email in order to reset your password or, you know, it could be any other mechanism.
27
00:02:00,120 --> 00:02:05,640
But at this point in time, it's a bit of, you know, problem of availability.
28
00:02:06,360 --> 00:02:11,910
Now, your confidentiality and integrity has not been violated, or at least that you know of, because
29
00:02:11,910 --> 00:02:15,480
you don't have any proof that someone actually gained access to your account.
30
00:02:16,020 --> 00:02:22,260
A noteworthy indication is that two, basically they had failed attempts to they were not able to actually
31
00:02:22,260 --> 00:02:23,370
log into your system.
32
00:02:23,790 --> 00:02:29,750
So your confidentiality of your data as well as integrity of your data can be assumed to be, you know,
33
00:02:29,790 --> 00:02:30,510
still intact.
34
00:02:31,380 --> 00:02:32,800
So that was the first situation.
35
00:02:32,820 --> 00:02:34,980
Let's see if you can solve the second one.
36
00:02:37,040 --> 00:02:42,710
Now let's say you're working in your office and you know, you have to send out an email to some of
37
00:02:42,710 --> 00:02:44,480
the employees in your organization.
38
00:02:45,020 --> 00:02:51,080
And this email basically contains some confidential data or, you know, proprietary information of
39
00:02:51,080 --> 00:02:51,650
your company.
40
00:02:52,340 --> 00:02:56,840
So what you do is that you write your email and you send it to all these people.
41
00:02:57,440 --> 00:03:01,520
But by accident, you also included someone from another organization.
42
00:03:02,150 --> 00:03:05,600
And now they have also received a copy of that email.
43
00:03:06,170 --> 00:03:10,070
Not in this situation, which pillar of CIA has been violated?
44
00:03:10,640 --> 00:03:12,290
I'm going to wait a couple of seconds.
45
00:03:20,400 --> 00:03:24,150
So the correct answer in this situation is confidentiality.
46
00:03:25,050 --> 00:03:31,890
See confidentiality is when someone who's not authorized access to certain classified information gains
47
00:03:31,890 --> 00:03:32,640
access to it.
48
00:03:33,250 --> 00:03:38,580
Now, this doesn't matter whether that person is going to actually, you know, exploit that information
49
00:03:38,580 --> 00:03:39,030
or not.
50
00:03:39,570 --> 00:03:43,980
At this point in time, the confidentiality of your data has been compromised.
51
00:03:44,550 --> 00:03:47,910
Okay, let's move on to the third situation.
52
00:03:48,330 --> 00:03:54,450
So once again, assume that you work as a cloud engineer at your company and you manage the data hosted
53
00:03:54,450 --> 00:03:55,710
on the cloud for your company.
54
00:03:55,710 --> 00:03:56,070
Right.
55
00:03:56,430 --> 00:04:02,190
So during the night, what happened was that an attacker was able to get write access to your database
56
00:04:02,460 --> 00:04:07,830
and he was able to insert some malicious records or some malicious documents in your database.
57
00:04:08,610 --> 00:04:12,750
He was not able to actually read any of the data, but he did get write access.
58
00:04:12,750 --> 00:04:14,730
So he inserted some malicious records.
59
00:04:14,760 --> 00:04:21,720
So in the morning when you come and you run your daily data verification checks, it sends you an alert
60
00:04:22,260 --> 00:04:24,180
that there is some problem with the data.
61
00:04:24,690 --> 00:04:27,990
So in this situation, which pillar of CIA has been violated?
62
00:04:27,990 --> 00:04:31,410
Is it confidentiality, integrity or availability?
63
00:04:31,440 --> 00:04:33,420
I'm going to wait a couple of seconds.
64
00:04:39,140 --> 00:04:41,330
So the correct answer is integrity.
65
00:04:42,180 --> 00:04:47,180
See, the confidentiality has not been compromised because, as I said, they were not able to get any
66
00:04:47,180 --> 00:04:50,450
read access, so they were not able to actually read any of your data.
67
00:04:50,900 --> 00:04:54,140
So they were not able to compromise the confidentiality.
68
00:04:54,170 --> 00:04:58,640
They did get write access and they were able to insert some records in your database.
69
00:04:59,060 --> 00:05:01,570
So now you cannot trust the data to be valid, right?
70
00:05:01,580 --> 00:05:04,280
So the integrity of data has been violated.
71
00:05:04,850 --> 00:05:07,400
And as regarding availability, there is no issue.
72
00:05:07,460 --> 00:05:09,560
You have access to your data still, right?
73
00:05:10,010 --> 00:05:13,760
So the right answer for this situation was integrity.
74
00:05:14,420 --> 00:05:20,510
So I hope these practice activities have given you some tips and insights into to be able to discern,
75
00:05:20,510 --> 00:05:23,780
you know, which pillar of CIA is violated in different situations.
76
00:05:24,740 --> 00:05:25,220
Thank you.
77
00:05:25,220 --> 00:05:26,570
And I'll see you in the next lecture.
7824
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.