| Confidentiality |
Ensuring that sensitive information is accessed only by authorized parties and kept out of reach of unauthorized users. |
| Integrity |
Maintaining the accuracy and completeness of data by protecting it from unauthorized modification or deletion. |
| Availability |
Ensuring that information and resources are available to authorized users when needed. |
| Authentication |
Verifying the identity of users, devices, or systems before granting access to resources. |
| Authorization |
Ensuring that authenticated users have permission to access and perform specific operations on resources. |
| Non-repudiation |
Ensuring that actions or transactions cannot be denied by the parties involved, providing proof of their occurrence. |
| Least Privilege |
Limiting users' access rights to the minimum necessary to perform their jobs, reducing potential damage from accidents or attacks. |
| Defense in Depth |
Implementing multiple layers of security controls to protect against potential threats. |
| Security by Design |
Integrating security measures into the design and development of systems and applications from the outset. |
| Incident Response |
Preparing for and effectively responding to security incidents to minimize impact and recover quickly. |