General | The CIA Triad (2) | Cycubix Docs

Confidentiality

Confidentiality is "the property that information is not made available or disclosed to unauthorized individuals, entities, or processes." In other words, confidentiality requires that unauthorized users should not be able to access sensitive resources. Confidentiality must be balanced with availability; authorized persons must still be able to access the resources they have been granted permissions for.

Although confidentiality is similar to "privacy," these two words are not interchangeable. Instead, confidentiality is a component of privacy; confidentiality is implemented to protect resources from unauthorized entities.

Examples of events that compromise confidentiality:

  • a hacker gets access to the password database of a company

  • a sensitive email is sent to the incorrect individual

  • a hacker reads sensitive information by intercepting and eavesdropping on an information transfer

Examples of methods ensuring confidentiality:

  • data encryption

  • properly implemented authentication and access control

    • securely stored passwords

    • multi-factor authentication (MFA)

    • biometric verification

  • minimizing the number of places/times the information appears

  • physical security controls such as properly secured server rooms
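The "securely stored passwords" item, as an added example that is not part of the original page: if the password database is disclosed, a salted, deliberately slow hash keeps the passwords themselves confidential while authorized users can still log in. The function names, the sample accounts and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the iteration count to your hardware.
ITERATIONS = 600_000
SALT_LEN = 16
KEY_LEN = 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation (PBKDF2-HMAC-SHA256) of the value that gets stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=KEY_LEN)


def hash_password(password: str) -> dict:
    """Return the record to store: a random per-user salt and the derived hash."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def build_user_table(credentials: dict) -> dict:
    """Build the table that would be written to the password database."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


# Constructed sample accounts; alice and bob share a password on purpose.
SAMPLE_CREDENTIALS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
    "carol": "tr0ub4dor&3",
}

if __name__ == "__main__":
    table = build_user_table(SAMPLE_CREDENTIALS)
    # What someone holding a copy of the database would see: salts and hashes only.
    for user, record in table.items():
        print(user, record["salt"], record["hash"])
    print("alice login ok:",
          verify_password(SAMPLE_CREDENTIALS["alice"], table["alice"]))
    print("wrong password rejected:", not verify_password("guess", table["alice"]))
```

Because each record has its own salt, alice and bob's identical passwords produce different stored hashes, so the table does not reveal that they match.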
