To secure information assets, organizations must keep them available to legitimate users while barring unauthorized access. In general, secure systems must provide the following protections:
Accountability: Detect attacks in progress or trace any damage from successful attacks. Prevent system users from later denying completed transactions.
Availability: Ensure uninterrupted service to authorized users. Service interruptions can be either accidental or caused maliciously by denial-of-service attacks.
Confidentiality: Safeguard user privacy[3] and prevent the theft of information both stored and in transit.
Integrity: Ensure that electronic transactions and data resources are not tampered with at any point, either accidentally or maliciously[1].
To provide the four preceding key protections, information security must be an integral part of system design and implementation.
[3] Vacca, John R., Net Privacy: A Guide to Developing & Implementing an Ironclad ebusiness Privacy Plan, McGraw-Hill Trade, 2001.