The CIA Triad - Confidentiality, Integrity and Availability
Confidentiality
Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure.
The security professional’s obligation is to regulate access—protect the data that needs protection, yet permit access to authorized individuals.
PII - personally identifiable information - any data about an individual that could be used to identify them.
PHI - protected health information
Sensitivity - a measure of the importance assigned to information by its owner
Integrity
Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.
Integrity measures the degree to which something is whole and complete, internally consistent and correct.
Data integrity is the assurance that data has not been altered in an unauthorized manner.
Data integrity covers data in storage, during processing and while in transit.
System integrity refers to the maintenance of a known good configuration and expected operational function as the system processes the information.
Integrity is a primary factor in the reliability of information and systems.
The need to safeguard information and system integrity may be dictated by laws and regulations.
Availability
Availability means that systems and data are accessible at the time users need them.
Timely and reliable access to information and the ability to use it
Timely and reliable access to data and information services for authorized users
Data should be accessible to authorized users when and where it is needed and in the form and format required
The systems and data meet the requirements of the business for timely and reliable access.
Authentication - a process to prove the identity of the requestor.
When users have stated their identity, it is necessary to validate that they are the rightful owners of that identity. This process of verifying or proving the user’s identification
Authentication types:
Something you know: Passwords or passphrases
Something you have: Tokens, memory cards, smart cards
Something you are: Biometrics, measurable characteristics
Common techniques for authentication:
Knowledge-based
uses a passphrase or secret code
a personal identification number (PIN)
a password
any other secret value that only you know
Token-based 
Characteristic-based 
SFA - single-factor authentication
Using only one of the methods of authentication
MFA - multi-factor authentication
Granting users access only after they successfully demonstrate two or more of the authentication methods
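As an added example (not part of these notes), the check below combines a knowledge factor (a PBKDF2-hashed password) with a possession factor (an RFC 6238 TOTP code from an authenticator device), granting access only when both verify. The user record, salt and password are constructed demo values; the TOTP secret is the ASCII test secret from RFC 6238.

```python
import hashlib
import hmac
import struct

# Constructed demo record for one user (example values, not real credentials).
PBKDF2_ROUNDS = 200_000
USER_SALT = b"constructed-demo-salt"
USER_PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", USER_SALT, PBKDF2_ROUNDS)
USER_TOTP_SECRET = b"12345678901234567890"  # RFC 6238 reference test secret (ASCII)


def check_knowledge_factor(password: str, salt: bytes, stored_hash: bytes) -> bool:
    """Something you know: compare a PBKDF2 hash of the offered password in constant time."""
    offered = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(offered, stored_hash)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_possession_factor(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Something you have: accept the code for the current step or one step either side (clock drift)."""
    candidates = [totp(secret, unix_time + d * 30) for d in range(-drift_steps, drift_steps + 1)]
    return any(hmac.compare_digest(c, code) for c in candidates)


def authenticate(password: str, code: str, unix_time: int) -> bool:
    """MFA: access is granted only when both factors verify; one factor alone is never enough."""
    knows = check_knowledge_factor(password, USER_SALT, USER_PASSWORD_HASH)
    has = check_possession_factor(USER_TOTP_SECRET, code, unix_time)
    return knows and has
```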
Non-repudiation
Defined as the protection against an individual falsely denying having performed a particular action.
Determines whether a given individual took a particular action, such as:
created information
approved information
sent a message
received a message
Privacy
The right of an individual to control the distribution of information about themselves.
The CIA triad is the cornerstone of information security, and as a security professional you will use all its components—confidentiality, integrity, and availability—to protect the information in your charge. Think of it as a three-dimensional way of thinking. There are many different aspects to protecting information and the more you think about it, the more you realize how complex it can be.