Confidentiality is probably the most common aspect of information security. The principle of confidentiality specifies that only the sender and intended recipient should be able to access the contents of a message.
Confidentiality is compromised if an unauthorized person is able to access a message. Confidential information therefore needs protection: an organization must guard against malicious actions that endanger the confidentiality of its information.
Example: Banking customers' accounts need to be kept secret.
Confidentiality applies not only to the storage of information but also to its transmission. When we send a piece of information to be stored on a remote computer, or retrieve a piece of information from a remote computer, we need to conceal it during transmission. Interception causes loss of message confidentiality.
Information needs to be changed constantly. Integrity means that changes are made only by authorized entities and through authorized mechanisms. When the contents of a message are changed after the sender sends it but before it reaches the intended recipient, the integrity of the message is said to be lost.
Integrity violation is not necessarily the result of a malicious act; an interruption in the system such as a power surge may also create unwanted changes in some information.
Modification causes loss of message integrity.
The principle of availability states that resources should be available to authorized parties at all times. The information created and stored by an organization needs to be available to authorized entities. Information is useless if it is not available.
Information needs to be changed constantly, which means it must be accessible to authorized entities. The unavailability of information is just as harmful to an organization as the lack of confidentiality or integrity.
Example: The situation can be difficult for a bank if customers cannot access their accounts for transactions.
Interruption puts the availability of resources in danger.
The diagram above explains the balance concept. The right balance of the three goals is needed to build a secure system. If the goals are not balanced, a small hole is created that attackers can use to nullify the other objectives of security. A system that is highly confidential but has low availability is not secure.
Example: A system can protect confidentiality and integrity, but if the resource is not available, the other two goals are also of no use.