Tags: #security #confidentiality #integrity #availability
Confidentiality stems from the “least privilege” principle, which means the information should only be visible by the parties who have the need to know. Improper authentication, unauthorized access, information exposure all lead to a breach of confidentiality. The more sensitive the information held within an application, the higher level of assurance is needed.
Integrity is about preserving the information contents as they are and preventing tampering, while it is in transit or at rest. The more important the role of the application, the more important it is for its information to be trusted as decisions are made based on this information. If a malicious user can change the information, then they can affect the decisions being made.
Availability is concerned with the ability of a user to access the information, within certain parameters and complete their mission. If the information in an application is not available, then decisions that are based on this information can not be made.
The factors of authentication:
This is commonly referred to as “multi-factor authentication” (MFA), or historically “two-factor authentication” (2FA).