Cybersecurity Resources

IAM is a foundational security framework consisting of policies, processes, and technologies, to ensure authorised users (employees, contractors, devices) securely access the right resources at the right time. It prevents unauthorised access, reduces breach risks, and aids regulatory compliance through centralised identity management. 

While sometimes referred to as Digital Identity and Access Management (DIAM) to emphasise the scope of managing digital identities (users, devices, applications) rather than physical human, Identity is presumed to be digital as the concept was created within the context of Enterprise IT and Cybersecurity, and so the industry standard abbreviation is simply IAM. 

Privacy by Design (PbD) is a globally recognised framework that ensures privacy and data protection are built into systems, processes, and technologies from the moment the data exists. Rather than reacting to breaches or privacy failures, PbD promotes proactive, preventative, and a user-centered approach to handling personal information. It contains seven core elements:

1. Proactive, Not Reactive: Anticipate and prevent privacy risks before they occur.
2. Privacy as the Default Setting: Personal data is automatically protected and individuals should not need to take extra steps to secure their privacy.
3. Privacy Embedded into Design: Privacy is integrated into systems, platforms, and practices as a core function.
4. Full Functionality - Positive-Sum, Not Zero-Sum: Security, usability, and innovation can coexist without unnecessary trade-offs.
5. End-to-End Security: Information is protected throughout its entire lifecycle from  collection to storage to deletion.
6. Visibility and Transparency
   Systems and practices are open, accountable, and independently verifiable.
7. Respect for User Privacy
   Individuals’ interests are prioritised through clear communication, appropriate controls, and meaningful choice.

These elements are seen in contemporary privacy governance frameworks worldwide. They form part of privacy protections under what is one of the most robust legal frameworks globally, the European Union's GDPR (Article 25 - Data Protection by Design and By Default). For us in Australia, the PbD principles are currently a recommended approach by the OAIC and the ASD's ACSC.

While the CIA triad forms the core of information security, two additional pillars have become increasingly important in modern cybersecurity: Authenticity and Non-repudiation. These extended pillars complement the CIA triad, providing a more comprehensive framework for protecting information assets.

Authenticity: The property that an entity is what it claims to be. In plain English, authenticity basically means that a person or system is who it says it is, and not some impostor. When data is authentic, it means that we have verified that it was actually created, sent, or otherwise processed by the entity who claims responsibility for the action.Authenticity is crucial in today's digital environment where identity theft and impersonation are common threats. It ensures that the origin of data or the identity of a user can be verified and trusted.

Non-repudiation: The ability to prove the occurrence of a claimed event or action and its originating entities. In simpler terms, non-repudiation essentially means that someone can't perform an action, then plausibly claim that it wasn't actually them who did it. This principle is particularly important in digital transactions and communications, where it's crucial to have undeniable proof of who performed specific actions.