26 January 2012

The CIA Triad

The CIA triad describes the three primary purposes of network security: securing the confidentiality, integrity, and availability (C-I-A) of an organization’s data. Here are some basic definitions:



Confidentiality
Ensuring that only authorized users have access to sensitive data.

Integrity
Ensuring that only authorized entities can change sensitive data. Integrity may also guarantee origin authentication, meaning an assurance that the data originated from an authorized entity (such as an individual).

Availability
Ensuring that systems and the data that they provide access to remain available for authorized users.



A security professional must constantly weigh the tradeoffs between threats, their likelihood, the costs to implement security countermeasures, and cost versus benefit. In the end, someone has to pay for security, and there must be a solid business case and return on investment (ROI) for the measures implemented.


biOos
