These are considered the basic building blocks of security.
Zero Trust
Non-repudiation
AAA
CIA
Confidentiality, Integrity and Availability (the CIA triad) are considered the building blocks of security. When making security decisions, the triad is where you should start when selecting security controls.
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge).

Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the "CIA" triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

- Identifying information and related assets, plus potential threats, vulnerabilities, and impacts
- Evaluating the risks
- Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them
- Where risk mitigation is required, selecting or designing appropriate security controls and implementing them
- Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities

To standardize this discipline, academics and professionals collaborate to offer guidance, policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability, security awareness and training, and so forth. This standardization may be further driven by a wide variety of laws and regulations that affect how data is accessed, processed, stored, transferred, and destroyed. However, the implementation of any standards and guidance within an entity
Information_security#Key_concepts - Wikipedia, the free encyclopedia