Confidentiality is the assurance that sensitive information is protected from unauthorized access or disclosure.

The CIA triad stands for Confidentiality, Integrity, and Availability, which are the core principles of information security:

1. Confidentiality: Ensuring that sensitive information is accessible only to authorized individuals and protected from unauthorized access.
2. Integrity: Ensuring that data remains accurate, consistent, and unaltered except by authorized actions.
3. Availability: Ensuring that information and resources are accessible to authorized users whenever needed.

These principles help organizations protect their data and systems from various security threats.

The correct answer is to apply hashing with salting to user passwords

Hashing with salting provides a secure way to store passwords by adding random data (the salt) to the password before hashing it. This ensures that even if two users have the same password, their stored hash values will differ, making it much harder for attackers to use precomputed tables (like rainbow tables) to crack passwords.

Explanation of Incorrect Options:

1. Applying Hashing to passwords: While hashing is good, without salting, it leaves the system vulnerable to rainbow table attacks.
2. Using HTTP protocol to transfer data: HTTP is an unencrypted protocol, and data transferred over it can be intercepted and read, compromising confidentiality. HTTPS should be used instead.
3. Using FTP protocol to send files: FTP (File Transfer Protocol) is also unencrypted, making it unsafe for confidential file transfers. SFTP (Secure File Transfer Protocol) or FTPS should be used.

Integrity refers to the assurance that data or information remains complete, accurate, and unaltered throughout its lifecycle.

Allowing multiple processes or threads to access the same data simultaneously can compromise integrity by: Leaving data in an inconsistent state, causing race conditions and data corruption. To prevent this, programmers, need to use Database locking and row versioning mechanisms.

All the above ensures integrity, except Data Anonymization which is used to ensure confidentiality.

By comparing the checksum of a received or stored data with the expected checksum, one can determine whether the data has been altered or corrupted during transmission or storage. If the checksum values do not match, it indicates that the data integrity has been compromised.

Availability ensures that systems and data are available all the time

Without availability, even if you have met the other two requirements of the CIA Triad, your business can be negatively impacted.

DoS/DDOS attacks are a serious threat to availability of information systems as they can exhaust/overwhelm bandwidth and computing power of systems.

Top Secret is the highest level of classification for Government/military environments.

Public is the lowest level of data classification in business/non-government sector.

A public IP address: While it can be used to approximate the location of a device, it does not directly identify an individual without additional context or information.

An information security policy is a set of guidelines, rules, and procedures that outline how an organization manages and protects its information assets. It provides a framework for ensuring the confidentiality, integrity, and availability of information while addressing potential risks and defining responsibilities for employees and stakeholders.

Reverse engineering, often known as back engineering, is the practice of disassembling software, equipment, airplanes, architectural structures, and other goods in order to obtain design knowledge from them. Reverse engineering frequently entails disassembling individual components of bigger items