Information Technology and Business Continuity (15–25%)
(a) Information Security Objectives
Security objectives, security controls, security policies, and security impact analysis are presented in this section.
(i) Security Objectives
There are five security objectives: confidentiality, integrity, availability, accountability, and assurance. However, information systems literature focuses primarily on three of these objectives or attributes: confidentiality, integrity, and availability, which form the three legs of the CIA triad. Another definition of security, according to the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 13335 Standard, is that it encompasses all aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.