5.1 SECURITY SERVICES
The fundamental objectives of information security are to protect information and system resources from unauthorized access, modification, or disruption while ensuring continued availability to legitimate users. Modern frameworks—including ISO/IEC 27001 and the US NIST Special Publication 800-53 (see Appendix G for a selected bibliography of cryptographic references)—group these objectives into three primary categories known as the CIA triad:
- Confidentiality: Preventing disclosure of information to unauthorized parties.
- Integrity: Protecting data from unauthorized modification, insertion, or deletion.
- Availability: Ensuring that information and systems remain accessible and usable to authorized entities when needed.
These three core properties form the foundation of all modern information-security and cybersecurity architectures.
To support these primary objectives, additional security services or mechanisms are commonly defined:
- Authentication: Providing assurance of the claimed identity of users, devices, or systems.
- Access control (authorization): Restricting resource use to authorized entities and preventing misuse of trusted systems.
- Non-repudiation: Ensuring that entities cannot later deny participation in a communication or transaction.
Together, these services complement the CIA triad to provide a comprehensive framework for securing modern communication networks.
Alternative formulations extend this model further. For example, the Parkerian Hexad, introduced by Donn B. Parker, adds possession (control) and utility to the traditional CIA triad, emphasizing that security also depends on maintaining control of information assets and ensuring their continued usefulness.
Back to reading