FIGURE 1.1 The CIA Triad

               Security controls are typically evaluated on how well they address

               these three core information security tenets. Overall, a complete
               security solution should adequately address each of these tenets.
               Vulnerabilities and risks are also evaluated based on the threat they
               pose against one or more of the CIA Triad principles. Thus, it is a good
               idea to be familiar with these principles and use them as guidelines for
               judging all things related to security.

               These three principles are considered the most important within the

               realm of security. However important each specific principle is to a
               specific organization depends on the organization’s security goals and
               requirements and on the extent to which the organization’s security
               might be threatened.


               Confidentiality


               The first principle of the CIA Triad is confidentiality. Confidentiality is