Security Management Concepts: Availability, Integrity, Confidentiality
Concepts and Principles
Security rules and procedures exist to protect important assets and should support the organizational mission.
Objective of security: reduce the effects of threats and vulnerabilities to a tolerable level.
The Big Three or CIA triad
Availability
The system is accessible to authorized users whenever they need it.
Controls: backup, fault tolerance.
Prevents: information becoming unavailable.
Threats: denial-of-service, loss of data processing capabilities (natural disaster or human action).
Integrity
Protection from intentional or accidental unauthorized changes.
Controls: enforced by access control, granting access on a need-to-know basis, separation and rotation of duties.
Prevents: alteration and modification of data.
Threats: modifications made by unauthorized personnel or processes, unauthorized modifications by authorized personnel or processes; integrity also requires the internal and external consistency of data.
Confidentiality
Protect information from unauthorized people so they cannot access it.
Controls: user identification, authentication and authorization.
Prevents: unauthorized disclosure of data.
Threats: hackers, masqueraders, networks, unauthorized user activity, unprotected downloaded files, Trojan horses and social engineering.
Other important concepts of services: