DOMAIN 6

Information Technology and Business Continuity (15–25%)

6.1 Security

6.2 Application Development

6.3 System Infrastructure

6.4 Business Continuity

6.5 Sample Practice Questions

6.1 Security

(a) Information Security Objectives

Security objectives, security controls, security policies, and security impact analysis are presented in this section.

(i) Security Objectives

There are five security objectives: confidentiality, integrity, availability, accountability, and assurance. Information systems literature, however, focuses primarily on three of them: confidentiality, integrity, and availability, which form the three legs of the CIA triad. The International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 13335 standard defines security more broadly, as encompassing all aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.

1. Confidentiality. Confidentiality of data and information is the requirement that private or confidential information not be disclosed to unauthorized individuals. Confidentiality protection applies to data in storage, during processing, and in transit. Confidentiality is the preservation of authorized restrictions on information access and disclosure, including means for protecting ...

Source: Wiley CIAexcel Exam Review 2014: Part 3, Internal Audit Knowledge Elements (excerpt ends here).