Security Principles

Sylvester (ANBU)Sylvester (ANBU)
4 min read

🛡️ Understanding Security: CIA, DAD, and Security Models

🔐 Introduction to Security

Everyone talks about security—but what does it actually mean?

Before applying security measures, we must know who we're protecting against. Are we trying to stop a toddler from accessing our laptop? Or a hacker trying to steal millions of dollars worth of data?

🔑 Security is not one-size-fits-all. We choose protections based on the level of threat.

And remember: No system is 100% secure. But our goal is to make it harder for attackers to succeed.

🔺 CIA Triad – The Foundation of Security

Security is built on three core principles, known as the CIA Triad:

🔒 1. Confidentiality

Only authorized people should access sensitive data.

  • Example (Shopping): Your credit card info must be visible only to the payment system.

  • Example (Medical): Doctors must keep your medical records private.

🧩 2. Integrity

The data should stay correct and unchanged unless by authorized people.

  • Example (Shopping): An attacker shouldn’t be able to change your shipping address.

  • Example (Medical): Changing a patient’s record could lead to dangerous treatment.

⚙️ 3. Availability

The system and data must be available when needed.

  • Example (Shopping): You can't order if the website is down.

  • Example (Medical): Doctors must be able to access patient records during checkups.

💡 Balance is key: Too much focus on one can weaken the others.

❌ DAD Triad – The Attacker’s Goals

The DAD Triad shows what attackers try to do:

🔓 1. Disclosure (opposite of Confidentiality)

  • Stealing or leaking private data.

  • Example: Publishing stolen medical records online.

✏️ 2. Alteration (opposite of Integrity)

  • Changing data without permission.

  • Example: Modifying patient treatment info.

🛑 3. Destruction/Denial (opposite of Availability)

  • Making systems unavailable.

  • Example: Ransomware crashes hospital systems, halting treatment.

🛡️ Defending against DAD = Preserving CIA.

🧠 Security Models: How to Build Secure Systems

Security models give us rules and blueprints for building secure systems. Here are three key models:

🔐 Bell-LaPadula Model (Focus: Confidentiality)

  • No Read Up: Lower-level users can't read top-secret data.

  • No Write Down: High-level users can't leak data to lower levels.

  • 📌 Summary: Read Down, Write Up

🛡️ Biba Model (Focus: Integrity)

  • No Read Down: High-trust systems can't read low-trust data.

  • No Write Up: Low-trust users can't write to important files.

  • 📌 Summary: Read Up, Write Down

✅ Clark-Wilson Model (Focus: Integrity via Rules)

  • CDI (Constrained Data Item): Critical data to protect.

  • UDI (Unconstrained Data Item): Input from outside.

  • TPs (Transformation Procedures): Safe ways to change data.

  • IVPs (Integrity Verification Procedures): Ensure data is still valid.

🧱 Other Models: Brewer-Nash, Graham-Denning, Harrison-Ruzzo-Ullman, etc.

🏰 Defence-in-Depth – Layered Security

Defence-in-Depth means protecting your system using multiple layers, like this:

  1. Locked drawer

  2. Locked room

  3. Locked apartment

  4. Locked building gate

  5. Security cameras

Each layer slows down or blocks the attacker. Even if one layer fails, others stand in the way.

🎯 Goal: Delay attackers and give yourself more time to stop them.

🔏 Beyond CIA: Authenticity & Nonrepudiation

✅ Authenticity

Ensures the data is real and from a trusted source.

🚫 Nonrepudiation

Prevents someone from denying they did something (like placing an order).

  • Example: A company can't afford to send 1000 cars and then find out the order was fake!

🔷 The Parkerian Hexad – Six Elements of Security

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Authenticity

  5. Utility – Is the data still useful?

    • Example: Lost encryption key = Useless data.

  6. Possession – Do you still control the data?

    • Example: Hacker steals your backup drive.

📌 Final Thoughts

Security is not about just locking one door—it’s about multiple layers, smart rules, and balanced protection.

🧠 Think like an attacker to build stronger defence.

Let me know if you want:

  • Matching images or infographics

  • SEO titles and meta descriptions

  • A short intro or conclusion for your blog

  • Quiz questions or a PDF summary

0
Subscribe to my newsletter

Read articles from Sylvester (ANBU) directly inside your inbox. Subscribe to the newsletter, and don't miss out.

asblackhole#cybersecuritysecurityprinciples

Written by

Sylvester (ANBU)
Sylvester (ANBU)

This blog serves as a beginner-friendly guide to understanding the world of cybersecurity. From defining what cybersecurity is to exploring its two major domains—offensive and defensive security—it breaks down various career paths such as Security Analyst, Engineer, Penetration Tester, and more. Whether you're just curious or planning a career, this blog gives you the insight and direction to get started in the cybersecurity field.