The dictionary defines confidentiality as the state of keeping or being kept secret or private. In the context of information security, confidentiality means keeping information secret or private from any unauthorized access, and it is one of the primary goals of information security. The following are some examples of information that we often wish to keep confidential:
- Passwords
- PINs
- Credit card number, expiry date, and CVV
- Business plans and blueprints
- Financial information
- Social security numbers
- Health records
Common attacks on confidentiality include:
- Packet sniffing: This involves interception of network packets in order to gain unauthorized access to information flowing in the network
- Password attacks: This includes password guessing, cracking using brute force or dictionary attack, and so on
- Port scanning and ping sweeps: Port scans and ping sweeps are used to identify live hosts in a given network and then perform some basic fingerprinting on the live hosts
- Dumpster diving: This involves searching through the dustbins and waste of the target organization in an attempt to recover sensitive information
- Shoulder surfing: This is a simple act wherein a person standing behind you peeks over your shoulder to see what password you are typing
- Social engineering: Social engineering is an act of manipulating human behavior in order to extract sensitive information
- Phishing and pharming: This involves sending false and deceptive emails to a victim, spoofing a trusted identity, and tricking the victim into giving out sensitive information
- Wiretapping: This is similar to packet sniffing, but the term usually refers to the monitoring of telephone conversations
- Keylogging: This involves installing a hidden program on the victim's system that records every key the victim presses and sends the captured keystrokes back to the attacker
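As an added defender-side illustration of the port scanning and ping sweep item above (example code, not part of the original text), the following detector reads constructed firewall-style log lines and flags a source that probes many distinct ports on one host (a port scan) or sends ICMP echo requests to many distinct hosts (a ping sweep). The log format, sample addresses and thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an assumed iptables-like format (not real traffic).
SAMPLE_LOGS = """\
SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=22
SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=23
SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=25
SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=80
SRC=10.0.0.7 DST=192.168.1.10 PROTO=TCP DPT=443
SRC=10.0.0.9 DST=192.168.1.1 PROTO=ICMP TYPE=8
SRC=10.0.0.9 DST=192.168.1.2 PROTO=ICMP TYPE=8
SRC=10.0.0.9 DST=192.168.1.3 PROTO=ICMP TYPE=8
SRC=10.0.0.9 DST=192.168.1.4 PROTO=ICMP TYPE=8
SRC=10.0.0.12 DST=192.168.1.10 PROTO=TCP DPT=443
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+)(?: DPT=(\d+))?(?: TYPE=(\d+))?")

def detect(log_text, port_threshold=5, host_threshold=4):
    """Return a list of (source, kind, count) findings.

    kind is 'port_scan' when one source touches >= port_threshold distinct
    TCP/UDP ports on a single destination, and 'ping_sweep' when one source
    sends ICMP echo requests (type 8) to >= host_threshold distinct hosts.
    """
    ports = defaultdict(set)         # (src, dst) -> distinct destination ports
    echo_targets = defaultdict(set)  # src -> distinct hosts pinged
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, proto, dpt, icmp_type = m.groups()
        if proto in ("TCP", "UDP") and dpt:
            ports[(src, dst)].add(int(dpt))
        elif proto == "ICMP" and icmp_type == "8":
            echo_targets[src].add(dst)
    findings = []
    for (src, dst), pset in ports.items():
        if len(pset) >= port_threshold:
            findings.append((src, "port_scan", len(pset)))
    for src, hosts in echo_targets.items():
        if len(hosts) >= host_threshold:
            findings.append((src, "ping_sweep", len(hosts)))
    return findings
```

On the sample above, the single repeated HTTPS connection from 10.0.0.12 is not flagged, while the two probing sources are.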