In an increasingly digital world, cyber threats are becoming more complex and widespread. Every organization—whether a business, government agency, or educational institution—stores valuable information online. To protect this information, cyber security plays a crucial role. But what exactly does cyber security aim to achieve?
Cyber security is built around a set of core objectives designed to protect systems, networks, and data from unauthorized access or harm. These objectives are often summarized through the CIA Triad—Confidentiality, Integrity, and Availability—along with additional goals that support safe digital operations.
1. Confidentiality
Confidentiality ensures that sensitive information is accessible only to authorized individuals. It prevents data from falling into the wrong hands, whether through hacking, data leaks, or insider threats.
Strategies include:
-
Encryption
-
Multi-factor authentication (MFA)
-
Access controls
-
Secure passwords
The goal is to keep personal, financial, and organizational data private and secure.
2. Integrity
Integrity is about maintaining the accuracy and reliability of data. Cyber criminals often try to modify, alter, or corrupt information, which can lead to false records, financial loss, or system failures.
Key protections include:
-
Hashing
-
Digital signatures
-
Version control
-
Intrusion detection systems (IDS)
The objective is to ensure that data remains unchanged unless altered by authorized users.
3. Availability
Availability guarantees that systems, networks, and data are accessible whenever users need them. Cyber attacks like DDoS (Distributed Denial of Service) aim to disrupt services, making them unavailable.
Methods to ensure availability:
-
Regular system maintenance
-
Backup solutions
-
Network redundancy
-
Firewalls and anti-DDoS tools
This objective ensures smooth business operations and uninterrupted services.
4. Authentication
Authentication ensures that users are who they claim to be. Without proper verification, unauthorized individuals could gain access to sensitive information or critical systems.
Common authentication methods:
-
Passwords and PINs
-
Biometrics (fingerprint, face recognition)
-
Security tokens
-
OTP-based logins
This prevents impersonation and unauthorized access.
5. Authorization
Once authentication verifies a user’s identity, authorization determines what the user is allowed to do. Not every person within a system should have full access to all data or functions.
Authorization techniques include:
-
Role-based access control (RBAC)
-
Permissions settings
-
User privilege management
This objective helps prevent misuse of access rights.
6. Non-Repudiation
Non-repudiation ensures that actions performed in a system cannot be denied later by the person who performed them. This is especially important in financial transactions, legal agreements, and communication logs.
Methods include:
-
Digital certificates
-
Transaction logs
-
Digital signatures
It creates accountability and trust in digital interactions.
7. Resilience
Cyber security also aims to ensure that systems can withstand attacks and recover quickly. Even with strong protections, threats may still occur, so resilience is crucial.
Resilience practices:
-
Disaster recovery planning
-
Incident response strategies
-
Regular backups
-
Business continuity planning
A resilient system minimizes downtime and reduces losses after a cyber attack.
Conclusion
The objectives of cyber security go far beyond just preventing cyber attacks. They focus on keeping information private, accurate, and accessible, while ensuring users are properly authenticated and authorized. With strong cyber security practices, organizations can protect their data, maintain trust, and ensure smooth digital operations.
