In this video, learn about the three fundamental goals of information security that are included in the CIA triad: confidentiality, integrity, and availability. These three goals form the basis of all of the activities performed by information security professionals in the modern enterprise.
- [Instructor] Information security professionals have broad and important responsibilities for safeguarding the information and systems that are often an organization's most valuable assets. When we think of the goals of information security, we often use a model known as the CIA triad, shown here. This model highlights the three most important functions that information security performs in an enterprise: confidentiality, integrity, and availability. Confidentiality ensures that only authorized individuals have access to information and resources.
Confidentiality is what most people think of when they think about information security, keeping secrets away from prying eyes. And, in fact, confidentiality is how most security professionals spend the majority of their time. Malicious individuals seeking to undermine confidentiality are often said to engage in disclosure attacks, making sensitive information available to individuals or the general public without the information owner's consent.
Security professionals are also responsible for protecting the integrity of an organization's information. This means that there aren't any unauthorized changes to information. These unauthorized changes may come in the form of a hacker seeking to intentionally alter information or a service disruption that accidentally affects the data stored in a system. In either case, it's the information security professional's responsibility to prevent these lapses in integrity. The final goal of information security is availability, ensuring that authorized individuals are able to gain access to information when they need it.
If users can't access important business records or systems, that lack of availability may have a profound impact on the business. Malicious individuals seeking to undermine availability engage in attacks known as denial of service attacks. These attacks try to either overwhelm a system or cause it to crash, therefore, denying legitimate users the access that they need.
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- The security triad: confidentiality, integrity, and availability
- Security principles
- Resource security
- Data security
- Security controls
- Assessing security controls
- Security policy
- Physical security
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover software licensing. In addition, the following topics were updated: integrity, leveraging industry standards, data encryption, security control selection and implementation, audits and assessments, security policy framework, security policy training and procedures, and ethics.