A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
Sources:
NIST SP 800-12 Rev. 1
under Security
from
CNSSI 4009
The combination of confidentiality, integrity and availability.
Sources:
NISTIR 5153
under Security
from
DoD 5200.28-STD
the preservation of confidentiality, integrity and availability of information. NOTE In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be relevant.
A. Integrity, property of protecting the accuracy and completeness of assets;
B. Confidentiality, property that information is not made available or disclosed to unauthorized individuals, entities, or processes;
C. Availability, property of being accessible and usable upon demand by an authorized entity.
Sources:
NISTIR 8074 Vol. 2
under Security
The state in which the integrity, confidentiality, and accessibility of information, service or network entity is assured.
Sources:
NISTIR 4734
under Security
refers to information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
A. Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
B. Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
C. Availability, which means ensuring timely and reliable access to and use of information.
Sources:
NISTIR 8074 Vol. 2
under Security
from
PL 107-347
