In 1994, the National Security Telecommunications and Information Systems Security Committee created the Comprehensive Model for Information Systems Security, or the CIA Triad (Whitman & Mattord, 2009). The CIA Triad stands for Confidentiality, Integrity, and Availability. Confidentiality is defined by the CNSS as “the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information” (CNSS, Instruction No. 4009). This is the need for only authorized people to have access to specific information, and it can also be the need to withhold specific information from an unauthorized person. An example of this is when a business, such as a credit card company, agrees not to share/sell your information to a third party. When I give my information to the credit card company, I expect confidentiality, and they therefore have a responsibility to provide it. The second part is Integrity. This is not the integrity of the person/entity holding one’s personal information. This is the integrity of the data
References:

Committee on National Security Systems. “CNSS Instruction No. 4009,” 16 April 2010. Committee on National Security Systems website. http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf, accessed September 2011.

Dardick, Glenn S. “Cyber Forensics Assurance.” 8th Australian Digital Forensics 2010 Conference, Perth, Western Australia, November 30th 2010, 57-60.

Kabay, M. E. “The Parkerian Hexad.” PowerPoint presentation to MSIA program, April 2001. Norwich University, Northfield, VT.

Parker, Donn B. “Our Excessively Simplistic Information Security Model and How to Fix it,” ISSA Journal, July 2010: 12-21, http://www.issa.org/images/upload/files/ParkerSimplistic%20Information%20Security%20Model.pdf, accessed Sept 2011.

Whitman, Michael and Mattord, Herbert. Principles of Information Security, 3rd ed. Boston: Thomson Course Technology, 2009.