Availability

Confidentiality

Scalability

Integrity

All users in the system

Authorized parties

System administrators

External auditors

To ensure data can only be modified by authorized users

To make data unreadable to unauthorized users

To verify the identity of the sender

To monitor unauthorized access

Authentication

Authorization

Encryption

Auditing

To prevent all incoming and outgoing traffic

To block all connections by default and allow only permitted ones

To encrypt all network traffic

To monitor and audit data usage

A user should have access to all system components

A process should run with the fewest possible privileges

Every user must authenticate twice

Only the administrator can access critical resources

Decryption

Authentication

Hashing

Encryption