Page 123 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Summary


Security governance, management concepts, and principles are inherent elements in a security policy and in solution deployment. They define the basic parameters needed for a secure environment. They also define the goals and objectives that both policy designers and system implementers must achieve in order to create a secure solution.

The primary goals and objectives of security are contained within the CIA Triad: confidentiality, integrity, and availability. These three principles are considered the most important within the realm of security. Their importance to an organization depends on the organization’s security goals and requirements and on how much of a threat to security exists in its environment.

The first principle from the CIA Triad is confidentiality, the principle that objects are not disclosed to unauthorized subjects. Security mechanisms that offer confidentiality offer a high level of assurance that data, objects, or resources are not exposed to unauthorized subjects. If a threat exists against confidentiality, there is the possibility that unauthorized disclosure could take place.

The second principle from the CIA Triad is integrity, the principle that objects retain their veracity and are intentionally modified by only authorized subjects. Security mechanisms that offer integrity offer a high level of assurance that the data, objects, and resources are unaltered from their original protected state. This includes alterations occurring while the object is in storage, in transit, or in process. Maintaining integrity means the object itself is not altered and the operating system and programming entities that manage and manipulate the object are not compromised.

The third principle from the CIA Triad is availability, the principle that authorized subjects are granted timely and uninterrupted access to objects. Security mechanisms that offer availability offer a high level of assurance that the data, objects, and resources are accessible to authorized subjects. Availability includes efficient uninterrupted