1-50 Security Principles and Concepts

Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.

The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

Develops computer security standards used by US federal agencies and publishes cybersecurity best practice guides and research.

Standards, best practices, and guidelines for effective security risk management. Some frameworks are general in nature, while others are specific to industry or technology types.

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

An analysis that measures the difference between the current and desired states in order to help assess the scope of work included in a project.

A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.