In this video, you can learn about the three fundamental goals of information security that are included in the C-I-A triad: confidentiality, integrity, and availability. These three goals form the basis of all of the activities performed by information security professionals in the modern enterprise.
- [Instructor] Information security professionals have broad and important responsibilities for safeguarding the information and systems that are often an organization's most valuable assets. When we think of the goals of information security, we often use a model known as the CIA triad, shown here. This model highlights the three most important functions that information security performs in an enterprise: confidentiality, integrity, and availability.
Confidentiality ensures that only authorized individuals have access to information and resources. Confidentiality is what most people think of when they think about information security, keeping secrets away from prying eyes. And in fact, confidentiality is how most security professionals spend the majority of their time. Malicious individuals seeking to undermine confidentiality are often said to engage in disclosure attacks, making sensitive information available to individuals or the general public without the information owner's consent.
Security professionals are also responsible for protecting the integrity of an organization's information. This means that there aren't any unauthorized changes to information. These unauthorized changes may come in the form of a hacker seeking to intentionally alter information, or a service disruption that accidentally affects data stored in a system. In either case, it's the information security professional's responsibility to prevent these lapses in integrity.
The final goal of information security is availability, ensuring that authorized individuals are able to gain access to information when they need it. If users can't access important business records or systems, that lack of availability may have a profound impact on the business. Malicious individuals seeking to undermine availability engage in attacks known as denial of service attacks. These attacks try to either overwhelm a system or cause it to crash, therefore denying legitimate users the access that they need.
- Designing an information security strategy
- Aligning security with the business
- Security roles and responsibilities
- Security standards
- Budgeting for security
- Data security
- Obtaining leadership support
- Assessing security programs
- Security principles