Information Governance & Cyber Security

All information security programs start with the CIA triad: Confidentiality, Integrity, and Availability of data.

“Confidentiality” means the assets of a computing system are accessible only by authorized parties.

“Integrity” means that assets can be modified only by authorized parties or only in authorized ways. In this context, modification includes writing, editing, changing status, and deleting.

“Availability” means that assets are accessible to authorized parties. An authorized party should not be prevented from accessing objects to which he, she, or a third party has a legitimate access need. For example, a security system could preserve perfect confidentiality by preventing everyone from reading a particular object. However, such a system does not meet the requirement of availability for proper access.

The opposite of availability is “denial of service”. With the CIA triad as its fundamental basis, a security program must start with the proper policies and gather input from all senior leadership within an organization.

