CISSP – Domain 1 – Security and Risk Management

Security is based on 3 core principles. Which of the following is not one of them?

Confidentiality
Integrity
Availability
Accountability
Accountability is not part of the CIA triad.  Confidentiality, Integrity, and Availability make up the triad.  It is not unusual to see these referenced as Availability, Integrity, and Confidentiality or abbreviated as AIC.  Regardless of the order it is critical that the #CISSP candidate know them and have a thorough understanding of what they mean in the #cybersecurity world.

Confidentiality

The purpose of confidentiality is to prevent the unauthorized disclosure of information. (Guess what the opposite of confidentiality is. That's right: disclosure.) The cybersecurity professional must keep data secret, so we need to keep unauthorized people and systems from accessing data they have no business seeing. Confidentiality is often associated with safeguarding PII, or Personally Identifiable Information. PII can take many forms, such as credit card information, a Social Security number, a driver's license number, or any other data that can personally identify an individual.

Integrity

The goal of Integrity is to prevent unauthorized modification of information. The modification can come from an authorized person making an unauthorized, or simply erroneous, update. It can also come from an unauthorized person making an update, which Integrity controls must prevent. Either way, Integrity ensures there are no unauthorized changes to data. The cybersecurity professional needs to be aware of two types of integrity: data integrity and system integrity. Data integrity seeks to protect the data; system integrity seeks to protect the computer system itself (think a Red Hat server and its binaries and configuration). In the medical field, for example, authorized staff make erroneous updates to patient records on a regular basis. Do a Google search for "die from wrong blood type".
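As an added illustration of data integrity (this is example code written for this page, not code from the original post), the block below shows the difference between an unkeyed hash and a keyed MAC over a patient record. Both detect an accidental or erroneous change, but only the keyed MAC stops an unauthorized party who can rewrite the record and recompute the checksum. The record, the tampered copy, and the secret key are all constructed here for the example.

```python
import hashlib
import hmac

# Constructed sample data for this example (not real patient data).
RECORD = b"patient_id=1042;blood_type=O-;allergies=penicillin"
TAMPERED = b"patient_id=1042;blood_type=AB+;allergies=penicillin"

# Constructed secret key; in practice this comes from a key store,
# never from source code.
KEY = b"example-integrity-key-do-not-use-in-production"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest of the data (detects accidental change only)."""
    return hashlib.sha256(data).hexdigest()


def plain_hash_check(data: bytes, stored_digest: str) -> bool:
    """Integrity check with an unkeyed hash stored beside the data."""
    return hmac.compare_digest(digest(data), stored_digest)


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag over the data; cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so timing does not leak the expected tag."""
    return hmac.compare_digest(mac(key, data), tag)


def accidental_change_detected() -> bool:
    """An erroneous edit changes the record but not the stored hash."""
    stored = digest(RECORD)
    return not plain_hash_check(TAMPERED, stored)


def attacker_forges_plain_hash() -> bool:
    """An attacker who can write both fields recomputes the hash and passes."""
    forged_record, forged_digest = TAMPERED, digest(TAMPERED)
    return plain_hash_check(forged_record, forged_digest)


def attacker_cannot_forge_mac() -> bool:
    """Without the key, the attacker's best effort is a tag under a wrong key."""
    forged_tag = mac(b"attacker-guessed-key", TAMPERED)
    return not verify_mac(KEY, TAMPERED, forged_tag)


if __name__ == "__main__":
    tag = mac(KEY, RECORD)
    print("original record verifies:", verify_mac(KEY, RECORD, tag))
    print("tampered record rejected:", not verify_mac(KEY, TAMPERED, tag))
    print("plain hash catches accident:", accidental_change_detected())
    print("plain hash forged by attacker:", attacker_forges_plain_hash())
    print("MAC forgery rejected:", attacker_cannot_forge_mac())
```

Note that the MAC provides integrity only: the record is still readable in the clear, so confidentiality needs a separate control such as encryption. In production the two are usually combined with an authenticated-encryption mode rather than assembled by hand.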

Availability

The third item in the cybersecurity triad is Availability. It may seem the least important of the three, since it does not safeguard the data itself or control who can access it; rather, it ensures the information is available when required. Many have come to appreciate the criticality of Availability after experiencing a DDoS attack. Your data is no good if you cannot access it. Therefore, Availability is fittingly included in the CIA triad.