DOMAIN 6
Information Technology and Business Continuity (15–25%)
6.1 Security
(a) Information Security Objectives
Security objectives, security controls, security policies, and security impact analysis are presented in this section.
(i) Security Objectives
There are five security objectives: confidentiality, integrity, availability, accountability, and assurance. However, information systems literature focuses primarily on three of these objectives or attributes: confidentiality, integrity, and availability, which form the three legs of the CIA triad. The International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 13335 standard gives another definition of security: it encompasses all aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.
Get Wiley CIAexcel Exam Review 2014: Part 3, Internal Audit Knowledge Elements now with the O’Reilly learning platform.