| Principle | Key concepts |
|---|---|
| Confidentiality | Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation |
| Integrity | Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness |
| Availability | Usability, Accessibility, Timeliness |
The opposite of CIA Triad. Think of it as the objectives of an adversary.
The AAA framework are the fundamental mechanisms of a secure environment.
The ISC(²) is separating the Auditing from Accounting. Some organizations and knowledge-bases consider auditing and accounting as one category.
| Category | Explanation |
|---|---|
| Identification | Claiming an identity. |
| Authentication | Proving an identity. |
| Authorization | Requesting access to system. |
| Auditing | Recording events related to the subject and system. |
| Accounting | Reviewing the event logs. |
| Concept | Key ideas |
|---|---|
| Defense in Depth | Layered security > parallel. |
| Abstraction | Classification, categorization and labelling. |
| Data Hiding | Unable to access or see, not only hidden. |
| Encryption | Scrambled data and key-assigned. |
The intersection between any two areas, subnets, or environments that have different security requirements or needs.
The collection of of practices related to supporting, evaluating, defining, and directing the security efforts of an organization.