Discuss the issues related to confidentiality, and integrity of data. Also, specify methods to diagnose such issues?

 

In order to give answer to this question, we have to first understand what these both terms Confidentiality and Integrity means then we follow up to their issues and methods to diagnose them.

So, Confidentiality is the term that ensures that data which is being exchanged is not accessible by any unauthorized users. The users could be applications, processes, other systems or maybe humans. When designing a system, adequate control mechanisms to enforce confidentiality should be in place, as well as policies that dictate what authorized users can and cannot do with the data. The more sensitive the data, the higher the level of confidentiality. Therefore, all sensitive data should always be controlled and monitored. To maintain confidentiality in automotive systems, data needs to be protected inside and outside the vehicle, while it is stored (data at rest), while it is transmitted (data in motion), and while it is being processed (data in use). Memory protection can be applied to data in use. Cryptography is excellent for protecting the confidentiality of data at rest and data in motion, but keep in mind that it imposes computational complexity and increases latency, so it should be used with caution in time-sensitive systems.

For example, nation-state spies make confidentiality attacks a major portion of their work, seeking to acquire confidential information for political, military, or economic gain.

Now the major issues with confidentiality are: 

ü  Eavesdropping attacks

ü  Encryption cracking

ü  Malicious insiders

ü  Man-in-the-middle attacks

 

Now the term Data integrity refers to the accuracy and consistency (validity) of data over its lifecycle. Compromised data, after all, is of little use to enterprises, not to mention the dangers presented by sensitive data loss. For this reason, maintaining data integrity is a core focus of many enterprise security solutions.

Data integrity can be compromised in several ways. Each time data is replicated or transferred, it should remain intact and unaltered between updates. Error checking methods and validation procedures are typically relied on to ensure the integrity of data that is transferred or reproduced without the intention of alteration.

Now the major issues with Data Integrity are;

ü  Human error

ü  Unintended transfer errors

ü  Misconfigurations and security errors

ü  Malware, insider threats, and cyberattacks

ü  Compromised hardware

Now the methods to diagnose such issues are -

Scenario 1: Exfiltration of Encrypted Data An organization unknowingly has a compromised machine that is being used by a malicious actor to exfiltrate data. The malicious actor is encrypting the data to prevent detection. The data confidentiality solution will provide monitoring capabilities to help recognize the active breach. The solution will also notify the security team of the activity and respond in accordance with policy that stops the continued data leak (e.g., prevents access to the data).

Scenario 2: Spear Phishing Campaign As a result of a spear phishing campaign, a malicious actor can view and manipulate a database. Proprietary internal data stored in the database is exposed. The data confidentiality solution will provide monitoring for the security team to recognize that data has been accessed and/or exfiltrated. The solution will also respond with actions that immediately terminate access for the malicious actor to the database.

Scenario 3: Ransomware An employee is a victim of ransomware and is presented with a note showing contents of proprietary files from the employee’s organization’s file server and a demand for money to stop accessing and sharing files. The data confidentiality solution will provide monitoring and logging to determine the scope and severity of a data breach. The results from the monitoring solution will inform the appropriate response to discontinue the data leak.

Scenario 4: Accidental Email A user accidentally cc’s an individual who should not have access to the email’s attachment, which contains proprietary information. The cc’d individual could be either an employee or an outsider to the organization. The data confidentiality solution will detect that access is being issued to an individual not authorized and will produce an alert of the error.

Scenario 5: Lost Laptop A user loses their laptop that contains proprietary company information. The data confidentiality solution will determine what information was in the laptop and potentially try to remote-delete data.

Scenario 6: Privilege Misuse An employee, leveraging administrator credentials, accesses data to exfiltrate that data for personal gain. The employee prints several sensitive documents and then exfiltrates the remaining data via Universal Serial Bus. For the purpose of this project, the administrator credentials will have been considered stolen in a manner that is outside the scope of the security architecture. The data confidentiality solution will provide monitoring to allow the security team to recognize that data has been exfiltrated via unallowable media type. The solution will also respond with appropriate actions to immediately stop the account from having continued access. The time and process of restoring the account will be determined by policy.

Scenario 7: Eavesdropping An external actor compromises an organization’s network and can hijack network communications via a man-in-the-middle attack, resulting in data loss. The data confidentiality solution will detect unauthorized network access and respond appropriately to sever the connection.

~ Thank you for reading this post ~

🙏