Security management concepts and principles are key components of a security policy and solution procedures. They include important documents such as policies, practices, and guidelines that establish the framework for a secure information system. These documents present the organization’s information benefits and lay out its security procedures.
The main objectives and goals of security are defined by the CIA Triad, the three main security principles: confidentiality, integrity, and availability. Security controls must address one or more of these three principles:
- Confidentiality: The guarding of sensitive information through rigorous measures to prevent exposure or sharing of the information with unauthorized persons. Once the information is intentionally or unintentionally released, confidentiality is lost. Breaches of confidentiality include stealing files, shoulder surfing, or screen recording.
- Integrity: The practice of maintaining data consistency and ensuring the information hasn’t been altered or compromised in any way. This applies to data in active use, data that is stored, and data that is transferred.
- Availability: Ensuring that data can be accessed at any time by authorized persons.