6.1 Summarize confidentiality, integrity and availability concerns.
📘CompTIA ITF+ (FC0-U61)
Confidentiality is about keeping information private. Only the right people should access data, and no one else. If confidentiality is broken, unauthorized users might see sensitive information, which can lead to security breaches. There are several ways this can happen:
1. Snooping
- Definition: Snooping is when someone secretly looks at data they are not supposed to see.
- IT Example: An employee accesses files on a shared server without permission, trying to find confidential financial reports or HR records.
- How to prevent: Use access controls, strong passwords, and encryption so only authorized users can open sensitive files.
2. Eavesdropping
- Definition: Eavesdropping is when someone listens in on communications between users without their knowledge.
- IT Example: Capturing instant messages or emails being sent over an unsecured network to see confidential information, like project plans or login credentials.
- How to prevent: Use encrypted communication channels, like HTTPS for web traffic, VPNs, or secure messaging platforms.
3. Wiretapping
- Definition: Wiretapping is a form of eavesdropping, but it specifically involves tapping into network or phone lines to intercept data.
- IT Example: Intercepting VoIP (Voice over IP) calls on a company network to listen to confidential discussions.
- How to prevent: Encrypt network traffic, implement network monitoring, and use physical security for network devices like routers and switches.
4. Social Engineering
- Definition: Social engineering is tricking people into giving away confidential information, often by manipulating trust or human behavior.
- IT Example: An attacker sends an email pretending to be IT support, asking employees for their login credentials.
- How to prevent: Conduct security awareness training, implement multi-factor authentication (MFA), and always verify requests for sensitive information.
5. Dumpster Diving
- Definition: Dumpster diving is when someone searches through trash or discarded materials to find confidential information.
- IT Example: An employee throws away old hard drives, printed reports, or notes containing passwords, and an attacker retrieves them to gain access.
- How to prevent: Shred sensitive documents, securely wipe storage devices, and enforce a data disposal policy.
Summary Table for Easy Recall
| Threat | What It Is | IT Example | Prevention |
|---|---|---|---|
| Snooping | Unauthorized data viewing | Accessing confidential files on a server | Access control, encryption |
| Eavesdropping | Listening to communications | Capturing emails on an unsecured network | VPN, HTTPS, encrypted messaging |
| Wiretapping | Intercepting network or phone lines | Listening to VoIP calls | Encrypt traffic, physical network security |
| Social Engineering | Tricking people to reveal info | Fake IT support asking for passwords | Training, MFA, verification processes |
| Dumpster Diving | Searching discarded items for info | Recovering old printed reports or drives | Shred documents, secure data disposal |
✅ Key Takeaways for the Exam:
- Confidentiality ensures data is only accessible by authorized users.
- Many attacks exploit either technical weaknesses (like unsecured networks) or human weaknesses (like social engineering).
- Prevention often combines technology (encryption, MFA) and behavioral practices (training, secure disposal).
