Network and IT security plays a major role in organizational structure nowadays as data has become so valuable.
Security objectives are goals an organization strives to achieve through its security efforts.
Every organization has 7 primary security objectives. Let's look at them one by one.
Confidentiality is the protection against unauthorized access, while providing authorized users access to resources without obstruction.
Integrity is the protection against unauthorized changes, while allowing for authorized changes performed by authorized users.
Availability is the protection against downtime, loss of data, and blocked access, while providing consistent uptime, protecting data, and supporting authorized access to resources.
Authentication is the proof or verification of a user's identity before granting access to a secured area.
Authorization is controlling what users are allowed and not allowed to do.
Authorization is dictated by the organization's security structure, which may focus on discretionary access control (DAC), mandatory access control (MAC), or role-based access control (RBAC).
Authorization is also known as access control.
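An added example, not part of the original page, that evaluates the same access request under the three models named above. The users, resource, labels and role table are constructed, and the MAC check uses Bell-LaPadula-style confidentiality labels as one assumed instance of mandatory access control.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}  # constructed MAC labels

@dataclass
class User:
    name: str
    clearance: str                      # MAC: label assigned by the system
    roles: set = field(default_factory=set)

@dataclass
class Resource:
    name: str
    owner: str
    label: str                          # MAC: classification of the data
    acl: dict = field(default_factory=dict)  # DAC: user name -> allowed actions

# RBAC: permissions attach to roles, never directly to users (constructed table).
ROLE_PERMS = {"analyst": {("report", "read")},
              "editor": {("report", "read"), ("report", "write")}}

def dac_allows(user, res, action):
    # The owner decides: owners have full access and grant others via the ACL.
    return user.name == res.owner or action in res.acl.get(user.name, set())

def mac_allows(user, res, action):
    # System-enforced labels (assumed Bell-LaPadula rules): no read up, no write down.
    u, r = LEVELS[user.clearance], LEVELS[res.label]
    return u >= r if action == "read" else u <= r

def rbac_allows(user, res, action):
    # Access follows from role membership only.
    return any((res.name, action) in ROLE_PERMS.get(role, set())
               for role in user.roles)

def decisions(user, res, action):
    return {"DAC": dac_allows(user, res, action),
            "MAC": mac_allows(user, res, action),
            "RBAC": rbac_allows(user, res, action)}

# Constructed sample data: bob owns a secret report and has granted alice read access.
alice = User("alice", "internal", {"analyst"})
bob = User("bob", "secret", {"editor"})
report = Resource("report", owner="bob", label="secret", acl={"alice": {"read"}})

if __name__ == "__main__":
    for user, action in [(alice, "read"), (alice, "write"), (bob, "write")]:
        print(user.name, action, decisions(user, report, action))
```

Alice's read request is allowed by DAC and RBAC but denied by MAC, because the owner's grant and her role cannot override the system-assigned label.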
Nonrepudiation is the assurance that someone cannot deny something.
Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
To repudiate means to deny.
Auditing and public-key cryptography commonly provide nonrepudiation services.
Privacy protects the confidentiality, integrity, and availability of personally identifiable or sensitive data.