DEV Community

Virtual Wiz

What is CIA in Cyber-Security? | CIA triad

Confidentiality

Confidentiality is the effort an organization makes to keep its data private or secure.

To achieve confidentiality, access to company data and information should be controlled, i.e. unauthorized access to or sharing of data must be prevented, whether it is intentional or accidental.

For example, those who work with an organization’s finances should be able to access the spreadsheets, bank accounts, and other information related to the flow of money. However, the vast majority of other employees and perhaps even certain executives may not be granted access. To ensure these policies are followed, stringent restrictions have to be in place to limit who can see what.


Integrity

Integrity means making sure the stored data is trustworthy and free from tampering.

To maintain integrity, stored data should be authentic, accurate and reliable.

For example, if your company provides information about senior managers on your website, this information needs to have integrity. If it is inaccurate, those visiting the website for information may feel your organization is not trustworthy. Someone with a vested interest in damaging the reputation of your organization may try to hack your website and alter the descriptions, photographs, or titles of the executives to hurt their reputation or that of the company as a whole.
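One way to detect the kind of tampering described above, shown as an added example that is not part of the original post: record a keyed hash (HMAC-SHA256) of each published profile page and compare the live content against that baseline. The key, file names and page contents are constructed for illustration, and the key is assumed to be stored away from the web server so that someone who alters a page cannot also recompute its tag.

```python
import hashlib
import hmac


def tag(key: bytes, name: str, content: bytes) -> str:
    """HMAC-SHA256 over the length-prefixed record name plus its content.

    Binding the name into the tag stops a valid tag from being reused
    for a different page.
    """
    encoded = name.encode()
    msg = len(encoded).to_bytes(4, "big") + encoded + content
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_manifest(key: bytes, records: dict) -> dict:
    """Baseline taken when the content is known to be correct."""
    return {name: tag(key, name, body) for name, body in records.items()}


def verify(key: bytes, manifest: dict, records: dict) -> dict:
    """Return {name: status} for every record that deviates from the baseline."""
    findings = {}
    for name, expected in manifest.items():
        if name not in records:
            findings[name] = "missing"
        elif not hmac.compare_digest(expected, tag(key, name, records[name])):
            findings[name] = "modified"
    for name in records.keys() - manifest.keys():
        findings[name] = "unexpected"
    return findings


# Constructed sample data (not from the original post).
KEY = b"constructed-demo-key"
PUBLISHED = {
    "ceo.html": b"<h2>Jane Example</h2><p>Chief Executive Officer</p>",
    "cfo.html": b"<h2>John Sample</h2><p>Chief Financial Officer</p>",
}
BASELINE = build_manifest(KEY, PUBLISHED)


def demo() -> dict:
    live = dict(PUBLISHED)
    live["cfo.html"] = b"<h2>John Sample</h2><p>Former Chief Financial Officer</p>"
    del live["ceo.html"]                      # page removed
    live["cto.html"] = b"<h2>Unknown</h2>"    # page that was never approved
    return verify(KEY, BASELINE, live)


if __name__ == "__main__":
    print(demo())
```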


Availability

Availability simply means that the data or information stored should be available to authorized users whenever they need it.

Even if data is kept confidential and its integrity maintained, it is often useless unless it is available to those in the organization and the customers they serve.

This means that systems, networks, and applications must be functioning as they should and when they should. Also, individuals with access to specific information must be able to consume it when they need to, and getting to the data should not take an inordinate amount of time.

For example, if there is a power outage and there is no disaster recovery system in place to help users regain access to critical systems, availability will be compromised. Also, a natural disaster like a flood or even a severe snowstorm may prevent users from getting to the office, which can interrupt the availability of their workstations and other devices that provide business-critical information or applications. Availability can also be compromised through deliberate acts of sabotage, such as the use of denial-of-service (DoS) attacks or ransomware.

