Confidentiality
Information has not been disclosed to unauthorized people
Protect personal piracy, Maintain a business advantage, Achieve regulatory compliance
Protection: Encryption, Access Control, Data Masking, Physical Protection, Training
Factors to Verify Authenticity
Data States and Types
Integrity
Information not modified or altered without right authorization
Ensure Data Accuracy, Maintain Trust, Ensure Security Operability
Protection: Hashing, Digital Signature, Checksums, Access Controls, Regular Audits
Availability
Information can be accessed, stored and protected by authorized users at all times
Ensure Business Continuity, Maintain Customer Trust, Uphold Organizations Reputation
Protection: Redundancy (Server, Data, Network, Power), Disaster Recovery
Opposite of CIA: DAD (Disclosure, Alteration and Destruction)