Confidentiality
Confidentiality of information ensures that only those with sufficient privileges may access specific information. When unauthorized individuals can access information, confidentiality can be breached. To protect the confidentiality of information, several measures are used:
•Information classification
•Secure document storage
•Application of the general security policies
•Education of information custodians and end users
Integrity
Integrity is quality or state of being complete, and uncorrupted. The integrity of information can be threatened when it is exposed to damage, destruction, corruption, or other disruption of its authentic state. Corruption can occur when information is being compiled, stored, or is getting transmitted.
Availability
Availability is the characteristic of information which enables user access to the information without interference/obstruction and in a required format. A user in this definition may be person or another computer system. Availability does not imply that information is accessible to any user; instead, it means availability to authorized users.
Privacy
The information which is collected, and stored by an organization is to be used only for the purposes stated to data owner at the time it was collected. This definition of privacy focuses on freedom from observation, but instead it means that information will be used only in ways known to the person offering it.
Identification
An information system possesses characteristic of identification when it is able to recognize the individual users. Identification and authentication are necessary to establishing the level of access or authorization which an individual is granted.
Authentication
Authentication takes place when a control provides proof that a user possesses the identity which he or she claims.
Authorization
After identity of a user is authenticated, the process of it is called as authorization provides assurance that the user (whether the person or the computer) has been specifically and authorized explicitly by the proper authority to access, update, or delete contents of an information asset.
Accountability
The characteristic of accountability exists when the control provides assurance that every activity which is undertaken is attributed to the named person or automated process. For instance, audit logs the track user activity on information system gives accountability.