Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.
Additional areas that are often considered part of the taxonomy of computer security include:
- Access control — Ensuring that users access only those resources and services that they are entitled to access and that qualified users are not denied access to services that they legitimately expect to receive
- Nonrepudiation — Ensuring that the originators of messages cannot deny that they in fact sent the messages
- Availability — Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as “denial-of-service”
- Privacy — Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for