Topic: Data Protection
Brief: Ensure that sensitive information is accessible only to those authorized to view it. This involves encryption, access controls, and policies to protect data from unauthorized access.
Topic: Data Integrity
Brief: Maintain the accuracy and completeness of data over its lifecycle. Implement checksums, hashing, and access controls to prevent unauthorized modifications, ensuring that data remains unaltered and reliable.
Topic: System Reliability
Brief: Ensure that systems and data are available to authorized users when needed. This includes implementing redundancy, regular backups, and robust disaster recovery plans to minimize downtime and service interruptions.
Topic: User Verification
Brief: Verify the identity of users accessing systems and data. Strong authentication mechanisms, such as passwords, biometrics, and multi-factor authentication (MFA), help ensure that only legitimate users gain access.
Topic: Access Control
Brief: Define and enforce what authenticated users are allowed to do within the system. Role-based access control (RBAC) and the principle of least privilege help limit access to sensitive resources.
Topic: Accountability
Brief: Ensure that actions taken by users or systems cannot be denied after the fact. Digital signatures, audit logs, and encryption help create a trail of evidence, ensuring that actions are attributable to the correct entities.
Topic: Monitoring and Logging
Brief: Maintain detailed records of system activities to detect and investigate security incidents. Continuous monitoring, logging, and regular audits help identify potential threats and ensure compliance with security policies.