| Term | Definition |
|---|---|
| Confidentiality | Ensuring that sensitive information is accessed only by authorized parties and kept out of reach of unauthorized users. |
| Integrity | Maintaining the accuracy and completeness of data by protecting it from unauthorized modification or deletion. |
| Availability | Ensuring that information and resources are available to authorized users when needed. |
| Authentication | Verifying the identity of users, devices, or systems before granting access to resources. |
| Authorization | Ensuring that authenticated users have permission to access and perform specific operations on resources. |
| Non-repudiation | Ensuring that actions or transactions cannot be denied by the parties involved, providing proof of their occurrence. |
| Least Privilege | Limiting users' access rights to the minimum necessary to perform their jobs, reducing potential damage from accidents or attacks. |
| Defense in Depth | Implementing multiple layers of security controls to protect against potential threats. |
| Security by Design | Integrating security measures into the design and development of systems and applications from the outset. |
| Incident Response | Preparing for and effectively responding to security incidents to minimize impact and recover quickly. |