Purpose of IS
The reason to implement information security procedures can be crudely broken down into six major topics, three for the data itself and another three for the users accessing the data.
- Confidentiality – Preventing data being accessed or copied without approval.
- Integrity – If data is manipulated, corrupted or overridden without permission.
- Availability – Ensuring data cannot be erased or become inaccessible without permission.
- Authentication – Confirming a user is who they claim to be.
- Authorization – Confirming the user has permission to access the data.
- Nonrepudiation – Preventing a user denying the performed their actions later on.
(https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf)