Saturday, July 28, 2007

The Big Three

Confidentiality, Integrity, and Availability (C.I.A.): these concepts represent the
three fundamental principles of information security. All information security
controls and safeguards, and all threats, vulnerabilities, and security processes,
are subject to the C.I.A. yardstick.

Confidentiality. In InfoSec, the concept of confidentiality attempts to prevent the
intentional or unintentional unauthorized disclosure of a message’s contents. Loss of
confidentiality can occur in many ways, such as through the intentional release of
private company information or through a misapplication of network rights.

Integrity. In InfoSec, the concept of integrity ensures that:
- Modifications are not made to data by unauthorized personnel or
- Unauthorized modifications are not made to data by authorized personnel
  or processes
- The data are internally and externally consistent, i.e., that the internal
  information is consistent among all subentities and that the internal
  information is consistent with the real world, external situation.

Availability. In InfoSec, the concept of availability ensures the reliable and timely
access to data or computing resources by the appropriate personnel. In other words,
availability guarantees that the systems are up and running when they are needed. In
addition, this concept guarantees that the security services needed by the security
practitioner are in working order.

