Monday, August 30, 2010

Fundamental Principles of Security

The three main principles of security programs:
  • Availability
  • Integrity
  • Confidentiality
Availability
  • Is the data safe? (Brownouts, earthquakes, floods, server failure, no single point of failure, environmental factors)
  • Is it recoverable? (Backed up, secondary storage location)
Integrity
  • Information and systems are reliable
  • Unauthorized modifications are prevented
  • Software and hardware modify data correctly
  • Prevent stupid user activity
  • Systems and software need to be hacker proof.
  • Strict access controls, intrusion detection, and hashing of data.
  • Data in transit should be protected by encryption
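As an added example (not from the original post) of the "hashing data" integrity control above: a baseline manifest of SHA-256 digests detects an unauthorized edit, and the keyed (HMAC) variant shows why a plain hash stored next to the data is not enough when whoever can change the data can also recompute the hash. The file contents and the key are constructed sample values.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed sample records standing in for data whose integrity must be protected.
BASELINE = {
    "payroll.csv": b"alice,5000\nbob,4500\n",
    "hosts.conf": b"db01 10.0.0.5\n",
}

def sha256_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Record one SHA-256 digest per file; this is the baseline to compare against later."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def verify_manifest(files: dict[str, bytes], manifest: dict[str, str]) -> list[str]:
    """Return the names of files whose current digest no longer matches the baseline
    (a missing file is reported too, since its digest cannot match)."""
    current = sha256_manifest(files)
    return sorted(name for name in manifest if current.get(name) != manifest[name])

def hmac_manifest(files: dict[str, bytes], key: bytes) -> dict[str, str]:
    """Keyed version: a tag per file that cannot be recomputed without the key,
    so editing the data and refreshing the manifest no longer evades detection."""
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest() for name, data in files.items()}

def verify_hmac_manifest(files: dict[str, bytes], manifest: dict[str, str], key: bytes) -> list[str]:
    """Same check as verify_manifest but against HMAC tags, using a constant-time compare."""
    current = hmac_manifest(files, key)
    return sorted(name for name in manifest
                  if not hmac.compare_digest(current.get(name, ""), manifest[name]))

if __name__ == "__main__":
    manifest = sha256_manifest(BASELINE)
    tampered = dict(BASELINE)
    tampered["payroll.csv"] = b"alice,5000\nbob,9999\n"   # unauthorized modification
    print("unkeyed, baseline manifest:", verify_manifest(tampered, manifest))
    # If the same party also rewrites the manifest, the unkeyed check passes:
    print("unkeyed, refreshed manifest:", verify_manifest(tampered, sha256_manifest(tampered)))
    key = b"constructed-demo-key"   # in practice held by the verifier, not stored with the data
    print("keyed:", verify_hmac_manifest(tampered, hmac_manifest(BASELINE, key), key))
```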
Confidentiality
  • Prevent unauthorized disclosure
  • Shoulder surfing (watching another user's screen or keyboard)
  • Social engineering (tricking users into sharing information)
  • Not encrypting data
  • Sharing secrets
  • Not using care in protecting information
Note: Functional Requirements: "Does this solution carry out the required tasks?" Assurance requirements: "How sure are we of the level of protection this solution provides?"

