The primary protection goals of information security are:
- Confidentiality: Protection against the disclosure of information to unauthorised persons. The most important methods for ensuring confidentiality include encryption measures (symmetric and asymmetric algorithms) and access controls (e.g. role-based or rule-based assignment of authorisations).
- Availability: Information must be accessible to authorised persons in a timely manner and without interruption. For example, a disaster recovery plan that defines the recovery of data and systems in the event of system, network or infrastructure failures helps in this regard.
- Integrity: Information must not be changed undetected. Integrity can be ensured, e.g., through strong encryption and can be verified with the help of a hash algorithm.
There are also secondary protection goals, such as authenticity (originality), accountability (actions can always be assigned to unique identities) and reliability (technical functionality).
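
As an added example (not part of the original page), the Python sketch below shows the hash-based integrity check mentioned above and, going one step beyond the text, a keyed hash (HMAC) that also ties the check to a secret key. The message, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Plain hash: a fingerprint of the data, computable by anyone."""
    return hashlib.sha256(data).hexdigest()

def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Compare the recomputed hash with the reference value."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: only holders of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_tag(key: bytes, data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the recomputed tag with the stored tag."""
    return hmac.compare_digest(hmac_tag(key, data), expected_hex)

# Constructed sample data (assumptions, not taken from the page).
ORIGINAL = b"transfer 100 EUR to account 12345"
MODIFIED = b"transfer 900 EUR to account 12345"
KEY = b"constructed-demo-key-do-not-reuse"

def demo() -> dict:
    # Reference values created while the data is known to be good.
    trusted_digest = sha256_hex(ORIGINAL)
    trusted_tag = hmac_tag(KEY, ORIGINAL)
    return {
        # Unchanged data matches its reference hash.
        "unchanged_passes": verify_digest(ORIGINAL, trusted_digest),
        # A change is detected when the reference hash is stored separately.
        "change_detected_by_hash": not verify_digest(MODIFIED, trusted_digest),
        # Limitation: if the hash is stored next to the data, whoever changes
        # the data can recompute the hash and the check still passes.
        "recomputed_hash_passes": verify_digest(MODIFIED, sha256_hex(MODIFIED)),
        # With HMAC the change is detected against the trusted tag ...
        "change_detected_by_hmac": not verify_tag(KEY, MODIFIED, trusted_tag),
        # ... and a tag made without the real key is rejected.
        "tag_with_wrong_key_rejected": not verify_tag(
            KEY, MODIFIED, hmac_tag(b"wrong-key", MODIFIED)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A plain hash only proves integrity when the reference value is kept somewhere the data's modifier cannot reach; the HMAC variant removes that dependency as long as the key stays secret.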