Information Security Goals in an Organization

There are three main objectives protected by information security, collectively known as CIA:

• Confidentiality—prevents unauthorized users from accessing information to protect the privacy of information content. Confidentiality is maintained through access restrictions. Breaches of confidentiality can occur due to human error, intentional sharing, or malicious entry.

• Integrity—ensures the authenticity and accuracy of information. Integrity is maintained by restricting permissions for editing or the ability to modify information. Loss of integrity can occur when analog information is not protected from environmental conditions, digital information is not transferred properly, or when users make unapproved changes.

• Availability—ensures that authorized users can reliably access information. Availability is maintained through continuity of access procedures, backup or duplication of information, and maintenance of hardware and network connections. Loss of availability can occur when networks are attacked due to natural disasters, or when client devices fail.