Confidentiality

Confidentiality prevents the unauthorized disclosure of data. In other words, authorized personnel can access the data, but unauthorized personnel cannot access the data. You can ensure confidentiality using several different methods discussed in the following sections.

Encryption

Encryption scrambles data to make it unreadable by unauthorized personnel. Authorized personnel can decrypt the data to access it, but encryption techniques make it extremely difficult for unauthorized personnel to access encrypted data.

As an example, imagine you need to transmit Personally Identifiable Information (PII), such as medical information or credit card data via email. You wouldn’t want any unauthorized personnel to access this data, but once you click Send, you’re no longer in control of the data. However, if you encrypt the email before you send it, you protect the confidentiality of the data.

Access Controls

Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data. Imagine that you want to grant Maggie access to some data, but you don’t want Homer to be able to access the same data. You use access controls to grant and restrict access. The following bullets introduce key elements of access controls:

Identification. Users claim an identity with a unique username. For example, both Maggie and Homer have separate user accounts identified with unique usernames. When Maggie uses her account, she is claiming the identity of her account.
Authentication. Users prove their identity with authentication, such as with a password. For example, Maggie knows her password, but no one else should know it. When she logs on to her account with her username and password, she is claiming the identity of her account and proving her identity with the password.
Authorization. Next, you can grant or restrict access to resources using an authorization method, such as For example, you can grant Maggie’s account full access to some files and folders. Similarly, you can ensure that Homer doesn’t have any permissions to access the data.

Are you ready to become Security+ certified?

SY0-601 Study PackageHere's what you'll getWhat people are saying

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Get an online study package that helps you:

Study using multiple materials online
Use them to complement Darril Gibson’s CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide book or any other study guide you’re using
Ensure you’re ready for the exam no matter what study guide you’re using

SY0-601 Full Study Package is available here.

Package includes hundreds of multiple-choice practice test questions, performance-based questions, audio, and flashcards.

Over 385 Realistic SY0-601 Security+ Practice Test Questions

All questions include explanations so you’ll know why the correct answers are correct, and why the incorrect answers are incorrect. These questions are derived from and organized by chapters in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. See a demo here.

Extra Test Bank of Practice Test Questions

Questions are added occasionally. You can see what has been added recently here.

Performance-based Questions

Performance-based questions including at least 10 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions.

Online Flashcard Set

771 Online Security+ Glossary Flashcards
255 Online Security+ Acronyms Flashcards
217 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide

Check out the demo here.

Audio – SY0-601 Security+ Remember This Audio Files

Learn by Listening.

Over one hour of audio repeating the Remember This blocks from the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Audio – SY0-601 Security+ Question and Answer Audio Files

Learn by Listening.

Over five hours of audio repeating questions and answers from the 11 chapters in the popular CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. (MP3 downloads.)

Bonus #1
The same set of questions organized by domain including questions in the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide plus extra practice test questions.

Bonus #2
Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. Over one hour and 45 minutes of additional audio.

Bonus #3
Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide. This includes labs, extra practice test questions, and supplementary materials.

Bonus #4
Extended access. Access the study materials for a total of 60 days because sometimes life happens

Bonus #5
10% off Voucher. Access to a coupon code that will give you 10% off your exam voucher. At the current price of $370 USD for the Security+ voucher, this can save you $37.

Get the SY0-601 Full Study Package here.

“I re-took it at an in-person testing center, and due to NOT being
constantly distracted by a paranoid schizophrenic proctor, I was able to pass the thing.

Your textbook was instrumental in achieving that, couldn’t have done it without your work. Thank you.”

“I just wanted to say thank you for providing your knowledge via your textbook geared towards passing the Security+ (SY0-601). I just passed my exam on the first try!

Thanks again.”

“Today I took and passed my SY0-601 Exam.

Score 771/900

This is my 4rth COMPTIA exam and I nearly had the same score on each test. Roughly on each test I got 85%.

I have used your web services/books for A+, Network+ and Security+
“

“I wish to inform you that I passed the sec plus certification (sy0-501)on my second attempt. Your material was very useful and it constituted 80% of the material I used in preparing for the exam.”

Steganography and Obfuscation

A third method you can use for confidentiality is steganography. Steganography is the practice of hiding data within data. It obscures the data and can be used to support obfuscation.

Obfuscation methods attempt to make something unclear or difficult to understand. Within the context of information technology (IT) security, it’s called security by obscurity or security through obscurity. It’s worth noting that most security experts reject security through obscurity as a reliable method of maintaining security.

Many people refer to steganography as hiding data in plain sight. For example, you can embed a hidden message in an image by modifying certain bits within the file. If other people look at the file, they won’t notice anything. However, if other people know what to look for, they will be able to retrieve the message.

As a simpler example, you can add a text file to an image file without the use of any special tools other than WinRAR and the Windows command line.