What are the CIA triad, AAA, and Non-repudiation in Cybersecurity? CompTIA Security Plus 701 - 1.2 | Ken Underhill - Cybersecurity Training | YouTubeToText
Video Transcript
hey everyone in this video I'm going to
go over some of the concepts you need
for CompTIA Security Plus the 701 version
of the exam one of the objectives
under
1.2 um and uh you can go ahead and just
look that up if you're not familiar with
the exam objectives for Security Plus so
some of the things we're going to cover
in this video include the CIA Triad
what's called AAA so no that's not the
uh the people that come on the side of
the road and fix your car um this is a
different type of AAA we'll also talk
about
non-repudiation and and we'll do a brief
overview of Gap analysis as well so it's
kind of weird how CompTIA has some of
these things like wrapped into the same
um exam objective topic area if you will
but we'll talk about all those things in
this particular video so again CIA Triad
which stands for confidentiality
integrity and availability we'll talk
about non-repudiation we'll talk about
AAA I'll talk about what all that is
we'll also talk about Gap analysis like
I said so let's just Dive Right In and
talk about the CIA Triad so CIA Triad
stands for confidentiality integration
integrity and
availability so confidentiality really
with that we're just making sure that
the right people the right applications
the right systems are getting access to
the things that they're actually able to
you know that that they're authorized to
like see right whether that's data Etc
but preventing anything else from
getting access to that right so the
whole goal with that is to help protect
sensitive data from unauthorized access
disclosure or theft um some ways we can
do that in the real world are things like
encryption which is one of the most
popular ways um using different types of
access control methods but also data
classification because if we don't
understand what we classify as sensitive
then how are we going to ever know how
to protect it next up we have integrity
so really this is just focused on
maintaining the accuracy and
trustworthiness of data so basically
just making sure that the data hasn't
been altered in any
way so ways we can do this are for
example hashing so if you ever download
like um for example Kali Linux or
something to play around and build your
own home lab a lot of times those
software downloads will tell you what
the hash is of the of the actual
download so that way when you download
something you can compare the hash of it
make sure it's correct if it's not
correct it could mean that that file was
altered by somebody else right so
potentially it's malicious so that's
what we can do with hash functions
also digital signatures Etc and also
Version Control can all be used to help
us ensure that data integrity and then
finally we have availability so
availability just make sure that people
systems applications Etc making sure
that the resources that all those things
need are accessible and usable when they
need them um a good example of this
would be like let's say you have a
website and let's say Ken's a bad guy
that day and I do what's called a DoS
attack or distributed denial service
attack against your website which all
that is is uh just think about it like a
snowball fight so let's say that you and
I get in a snowball fight I throw a
snowball at you you throw one at me for
the most part you can handle that right
because I got to make the snowball then
I got to throw it now let's say that
I've got a hundred of my friends though
and we all throw snowballs at you you're
going to block a couple but eventually I
mean there's 100 snowballs
coming at you you're going to get hit
you're probably going to get knocked
down you're going to get a bunch of
snowballs in your face right and that's
all a DoS attack is it's just people
throwing a bunch of snowballs at you and
overwhelming your web server so your
website goes down so that's an example
of availability if someone does that
then your customers can't access your
website and maybe maybe you've got an
e-commerce business where that's the
only way you can make money so now you
can't get any sales for your business
because someone took down their website
so that's the availability aspect of it
so for example with the example I gave
we would want to build protections
against the DoS attack so for example
using something like cloudflare with
your website so there's like another
check in place to make sure that someone
can't just do a simple DoS attack
against your website also making sure
that we don't have Hardware failures
right or that we've built resiliency so
when you hear the terminology of cyber
resil resiliency if I can pronounce it
correctly that's what we're talking
about right that's making sure that
the organization has that availability
across all those
assets next up we have non-repudiation
so if someone's like hey I didn't do
that non-repudiation is basically just
making sure that we've got tracking in
place to make sure that a user cannot
deny the authenticity or Integrity of a
message they sent or some kind of
transaction they have so for example if
I um you know let's say you send me an
email and you say Ken you're a jackass
and I go complain to HR non-repudiation
would mean that we've got tracking in
place to prove that that email came from
your system at the time that you would
have been working and maybe we have a
security camera in the office as well
that shows you were at the system while
that email was sent so really yeah maybe
there was a bad hacker that broke in and
did all this stuff but we've got proof
honestly that you did it right that you
sent the email saying Ken
was a jackass so the ways we can do
non-repudiation include things like
digital signatures time stamping of
course our audit logging etc etc right so
just basically getting that proof in
advance and making sure that hey this
was the person or system or application
that did the thing that we're thinking
they did so next up we have AAA again
not the place it comes when your car is
broke down but this AAA is
authentication authorization and
accounting what does it all mean are we
talking about accounting and and doing
all the numbers and figuring finances no
we're talking about something else right
so authentication is where we'll start
and that's basically just a process of
verifying an identity of a user a system
or application so it's just basically
confirming that identity saying okay
this person or system or application Etc
is who they who they are or what they
claim to be and we can do this through
various methods in cyber security world
so this could be like password using
two-factor authentication uh security
tokens Biometrics uh etc etc right um
authorization is the next one and that's
where we just determine what actions or
resources that the authenticated
user or system or application is allowed
to access so basically just making sure
that um let's say for example that I'm a
nurse making sure that I got I've got
the appropriate permissions I need to
actually chart on a patient after I take
their vital signs so some ways we
can do this are RBAC and ABAC so
RBAC just stands for role-based Access
Control ABAC just stands for attribute
based Access Control um so role-based in
the example of a nurse I could say okay
all the nurses coming in the company get
this level of access and then I could
say from an attribute standpoint I can
say based on the fact that this nurse
Works in Texas I'm going to give them a
little more granular access based on
where they work so they can't access
patient information from a patient over
in Florida for example um you don't
normally see that level of granular
access in in the nursing realm um but
that's an example of how it might be
used using RBAC and ABAC there's also
something called PBAC which is policy
based access control so again we could
just set a policy to automate giving
that access so a lot of things around
Access Control we're not going to dive
into that stuff in this video but again
those are some of the ways we can do the
authorization part now accounting is
similar in the aspect of the financial
stuff it involves tracking right so but
in this example we're tracking and
recording the activities of
authenticated users or systems or
applications so basically we can get a
record of who's accessed what when
did they access
um again that's all related to the
auditing process and and part of that is
related to compliance but also part of
that is related to our incident response
in our forensic analysis so if we do
have an incident we can actually track
back and say okay this is what happened
this is who or what accessed this stuff
and then finally we've got Gap analysis
if you're not familiar with gap analysis
basically it's just a process to assess
the difference between our current state
and the state we want to get to so in
the example of cyber security we're
analyzing our current state or current
of cyber security or a current security
posture is what it's called and where do
we want to get to right what's kind of
that Gap that we have you know is that
do we have certain vulnerabilities or
other weaknesses are there areas where
we can improve guess what spoiler alert
there are always areas we can improve in
security so really what this allows us
to do is is get that analysis of like
where our gaps are and how can we get
better you know can we Implement more
security controls can we
optimize uh processes um etc etc right
like what do we need to change to get
better and better over time so by
understanding all of these Concepts so
again CIA Triad AAA non-repudiation and
Gap analysis um all this stuff helps us
as cyber security practitioners help our
organization strengthen their cybersecurity
posture and really just help them better
protect their valuable assets which
could be a number of different things
right we're not just talking about um
the latest uh Instagram post that
we're trying to protect right and make
sure that's not altered we are honestly
talking about human life in some
instances right um earlier I mentioned
the example of a a steamer a steam valve
going off in and killing someone right
um and actually that was in a previous
video on the controls I believe security
controls but things like that actually
could impact human life so that's why
this stuff is such a serious matter and
that's why it's important to understand
it so if you like these videos though
let me know in the comments below if you
like these videos that we do for
certification prep if it helps you at
all um that's the only way we know to do
more of right is is by you telling us