Domain 6

Focus on: Information Technology and Business Continuity (15–25%)

SECURITY

Information Security Objectives

There are five information security objectives: confidentiality, integrity, availability, accountability, and assurance. However, information systems literature primarily focuses on three of these objectives or attributes: confidentiality, integrity, and availability. These three objectives form the three legs of the CIA triad.

Confidentiality. Confidentiality of data and information is the requirement that private or confidential information not be disclosed to unauthorized individuals. Confidentiality protection applies to data in storage, during processing, and while in transit. Confidentiality is the preservation of authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Thus, confidentiality is related to privacy.

Integrity. Integrity of system and data is required as protection against intentional or accidental attempts to violate either (1) data integrity—the property that data has not been altered in an unauthorized manner while in storage, during processing, or while in transit, or (2) system integrity—the quality that a system has when performing the intended function in an unimpaired manner, free from unauthorized manipulation. In other words, integrity is lack of improper modification, alteration, or ...

Get Wiley CIAexcel Exam Review 2014 Focus Notes: Part 3, Internal Audit Knowledge Elements now with the O’Reilly learning platform.