Post on 12-Jan-2023
Confidentiality, Integrity, and Availability
Jordan Faris
CMGT|400 Intro to Information Assurance and Security
Prof. Richard Zinne
11/20/2013
Confidentiality, Integrity, and Availability
Original “CIA” of Security
• How do confidentiality, integrity and availability all play key roles in protecting information?
Three-fold Goal of Security
• Availability
• Integrity
• Confidentiality
• Security
Security is an over-arching set of protocols, techniques and tools.
Confidentiality is concerned with barring unauthorized access.
Availability refers to prompt data access by the authorized user.
Integrity is concerned with the protection of data.
Confidentiality
"...To ensure that only those individuals who have the authority to view a piece of information may do so. No unauthorized individual should ever be able to view data they are not entitled to access." (Conklin et al. "Principles of Computer Security", p.22)
Integrity
"[...] deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information." (Conklin et al. "Principles of Computer Security", p.22)
Availability
"The goal of availability is to ensure that the data, or the system itself, is available for use when the authorized user wants it." (Conklin et al. "Principles of Computer Security", p.22)
Summary and Notes
• Professional Safeguards
• Professional Ethics
• Protection
Confidentiality, Integrity and Availability are the basic security principles that form the backbone of most security hardware, software, policies and procedures.
Due to increased e-commerce, two recent additions have been incorporated into the CIA of security:
• Authentication attempts to ensure that an individual is who they claim to be.
• Related to this is nonrepudiation, which deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified.
• Recent emphasis on systems assurance has raised the potential inclusion of the term auditability, which refers to whether a control can be verified to be functioning properly.