Confidentiality is one of the three quality attributes of data in the CIA triad of information security. It means that information is accessible only to persons who are authorized to read it, so access by unauthorized persons must be prevented. In short, confidentiality refers to protecting information from unauthorized access.
- Assured confidentiality protects information from unauthorized access and ensures privacy
- Assured confidentiality prevents misuse of data or information
- Breached confidentiality means that someone unauthorized has access to the data
- Breached confidentiality may lead to misuse of data or information
Ensuring the confidentiality of data is not enough on its own: the data must also be available and integral (not corrupted).
Basic measures to ensure data confidentiality
To maintain confidentiality, there must be no unauthorized modification of the system and information.
- Ensuring that users' permissions and access to data are assigned, transferred and withdrawn, especially during onboarding and offboarding
- Ensuring physical security of employee access
- Data encryption
- Data backup
- Protection of data transmission and protection of communication