Confidentiality ensures that information is accessible only to those authorized. We protect it through encryption, access control, and data classification.
Core Concept: Confidentiality prevents unauthorized disclosure of data. Common controls include encryption, access control lists (ACLs), multi-factor authentication, and data masking. A breach of confidentiality occurs when sensitive data is exposed to unauthorized parties — think data breaches, eavesdropping, or misconfigured S3 buckets.
🔐 Exercise 1A — Caesar Cipher Encryption
A Caesar Cipher shifts each letter by a fixed number — the oldest recorded encryption, used by Julius Caesar. Not secure today, but perfectly illustrates substitution ciphers and the key-value relationship.
OUTPUT
[ Awaiting input... ]
📂 Exercise 1B — Data Classification
Desktop: drag items into the correct tier.
Mobile: tap an item to select it (it highlights), then tap the target zone.
Data classification drives access control decisions. Place each item in the right sensitivity tier.
HR employee SSNs
Q3 Financial report
Company website URL
Encryption private key
Customer email list
Press release draft
🔴 TOP SECRET
🟡 CONFIDENTIAL
🟢 PUBLIC
[ Place all items, then check. ]
❓ Knowledge Check
A misconfigured cloud storage bucket exposes 50,000 customer records to the public internet. Which CIA Triad pillar is PRIMARILY violated?
A. Integrity — the data was altered
B. Confidentiality — unauthorized disclosure occurred
C. Availability — users can\'t access the service
D. Non-Repudiation — actions cannot be denied
■ MODULE 02 — CIA TRIAD
INTEGRITY
Integrity ensures that data remains accurate, complete, and unaltered except through authorized processes. Hash functions are the primary technical control.
Core Concept: Integrity protects data from unauthorized modification. Cryptographic hash functions (SHA-256, SHA-3) produce a fixed-size "fingerprint" of data. Even changing a single bit produces a completely different hash — called the avalanche effect. Other controls: digital signatures, checksums, version control, and write-once storage.
🔑 Exercise 2A — Live SHA-256 Hash Generator
Type any message and watch its SHA-256 hash update in real time. Notice how even one character change completely transforms the output — the avalanche effect.
SHA-256 HASH (HEX)
[ Hashing... ]
⚠️ Exercise 2B — File Tamper Detection
A software vendor publishes a file with a known SHA-256 hash. You downloaded it — but was it tampered with in transit?
[ Click USE CURRENT FILE HASH, then VERIFY INTEGRITY ]
In the 2020 SolarWinds attack, threat actors compromised the build pipeline and inserted malicious code into a legitimate software update. 18,000+ organizations downloaded the tampered update because the official hash was replaced simultaneously — bypassing integrity controls.
If an attacker can modify BOTH the software binary AND the published hash simultaneously, which additional control would BEST detect the compromise?
A. Require users to re-download the file twice
B. Use a longer hash (SHA-512 instead of SHA-256)
C. Code signing with a trusted third-party certificate authority
D. Store hashes in the same web server as the binary
■ MODULE 03 — CIA TRIAD
AVAILABILITY
Availability ensures that systems and data are accessible to authorized users when needed. It's measured in uptime percentages and protected through redundancy, failover, and attack mitigation.
Core Concept: Availability attacks aim to make systems unreachable. Denial of Service (DoS) floods a single target; Distributed DoS (DDoS) uses a botnet of thousands of compromised machines. Countermeasures include rate limiting, CDN scrubbing, anycast routing, load balancers, and redundant ISP links.
📊 Exercise 3A — SLA Uptime Calculator
SLA "nines" define acceptable downtime. Calculate how much downtime is allowed under each tier — and what it costs.
[ Adjust sliders to calculate ]
💥 Exercise 3B — DoS Attack Visualizer
Watch a volumetric DoS flood overwhelm server capacity. Toggle mitigations to see their effect on request handling.
REQ/SEC: 0LEGIT: 0BLOCKED: 0STATUS: ONLINE
❓ Knowledge Check
A hospital's primary database server goes offline during a ransomware attack. Doctors cannot access patient records. Which redundancy strategy would have BEST maintained availability?
A. Daily tape backups stored in the same server room
B. A firewall upgrade to block ransomware
C. Active-active failover cluster with real-time replication to an offsite datacenter
D. Increased RAM on the primary server
■ MODULE 04 — SECURITY PRINCIPLES
NON-REPUDIATION
Non-Repudiation ensures that a party cannot deny having performed an action. It's enforced through digital signatures, PKI certificates, audit logs, and timestamps.
Core Concept: If Alice sends Bob a signed document, Alice cannot later claim she didn't send it — her digital signature proves it. Digital signatures use asymmetric cryptography (RSA/ECDSA): the sender signs with their private key; anyone verifies with the public key. Combined with timestamping and immutable audit logs, non-repudiation is legally admissible evidence.
✍️ Exercise 4A — Digital Signature Simulator
Simulate signing a message with a private key and verifying it with the corresponding public key. In real PKI, these would be RSA or ECDSA key pairs from a Certificate Authority.
SIGNATURE (simulated RSA-SHA256)
[ Sign a message to generate signature ]
PUBLIC KEY FINGERPRINT
[ — ]
🔍 VERIFICATION PANEL
[ Sign a message above, then verify here ]
📋 Exercise 4B — Immutable Audit Log
Each log entry is chained to the previous one via its hash (blockchain-style). Tampering with any entry breaks the chain — making it detectable and legally defensible.
[ Add entries to build the audit chain ]
❓ Final Knowledge Check
An employee denies sending a termination email to a client. IT produces a digitally signed email with a timestamp from the company's mail server. Which property makes this evidence legally binding?
A. Availability — the email server was online
B. Confidentiality — the email was encrypted in transit
C. Integrity — the email wasn\'t modified
D. Non-Repudiation — the digital signature proves origin and prevents denial
🎓 LAB COMPLETE
You've successfully explored all four pillars of Security Principles — Confidentiality, Integrity, Availability, and Non-Repudiation. These concepts form the foundation of every security control, policy, and framework in the industry.
Return to Canvas and complete the module quiz to receive credit.