Information Security is a hot topic nowadays. DDoS attacks, new privacy guidelines, state-sponsored hacking are making headlines worldwide.
Infomation Security is traditionally based on three principles (‘CIA triad’):
Confidentiality is established when information is not made available or disclosed to unauthorized individuals, entities, or processes.
Access control and Authorization are the main controls here.
Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, data over its entire life-cycle.
Change management is a very important control here.
Availability is the proportion of time a system is in a functioning condition.
Configuration Management & Contingency Planning are contributing controls here.