The CIA Triad

Ways to Enforce Confidentiality:
  1. Access Control (covered in Topic 3) is a set of policies that dictate who can access what information. These designations are assigned based on an employee's role in a company or, in the case of a computer system, the username. As part of Access Control, we will discuss:
    • Authentication, which is the confirmation of a person's identity, ensuring that they are not impersonating someone else to access information, and
    • Authorization, which is a "yes" or "no" answer that a computer system gives each time a user requests to access information depending on whether they are or aren't allowed to access it.
  2. We also have to enforce Physical Security measures (also covered in Topic 3), such as keeping a computer in a locked room or keeping curtains closed, to physically limit access to confidential information.
  3. Another method to enforce confidentiality is Encryption (covered in Topic 4), in which the characters in a piece of information are scrambled so that unwanted people cannot understand it. The information can be recovered to its original form only by someone who has the decryption key (that is, authorized people).
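
The difference between authentication and authorization in item 1 can be seen in a short Python sketch. This is an added example, not part of the original course material; the usernames, roles, file names and passwords are constructed for illustration, and PBKDF2 is simply one standard way to store passwords.

```python
import hashlib
import hmac
import os

# Constructed policy: which role may do what to which resource (default is deny).
ROLE_PERMISSIONS = {
    "hr": {"payroll.xlsx": {"read", "write"}},
    "engineer": {"design.doc": {"read", "write"}},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": hash_password(password, salt)}

# Constructed accounts (hypothetical users and passwords).
USERS = {
    "alice": make_user("hr", "correct horse battery staple"),
    "bob": make_user("engineer", "blue-kettle-42"),
}

def authenticate(username: str, password: str):
    """Authentication: confirm the person is who they claim to be."""
    user = USERS.get(username)
    # Hash even for unknown usernames so response time does not reveal them.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if user and hmac.compare_digest(candidate, user["hash"]):
        return username
    return None

def authorize(username: str, resource: str, action: str) -> bool:
    """Authorization: a yes/no answer for this one request, based on role."""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, {}).get(resource, set())

def request_access(username, password, resource, action) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, resource, action):
        return "denied: not authorized"
    return "granted"
```

Note that Bob can prove his identity and still be refused the payroll file: passing authentication never implies authorization.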