What is the Primary Objective of Data Security Controls?
The primary objective of data security controls is to protect the data and the systems that collect, process and maintain this data is of critical importance. The security of systems, applications and services must include controls and safeguards to offset possible threats, as well as controls to ensure confidentiality, integrity, availability and safety:
- Confidentiality addresses preserving authorized restrictions on access and disclosure to authorized users and services, including means for protecting personal privacy and proprietary information.
- Integrity addresses protecting against improper modification or destruction, including ensuring non-repudiation and authenticity.
- Availability addresses timely, reliable access to data, systems and services for authorized users, services and processes.
- Safety addresses reducing risk associated with technologies that could fail or be manipulated by nefarious actors to cause death, injury, illness, damage to or loss of equipment
Commensurate with risk, security and privacy measures must be implemented to guard against unauthorized access to, alteration, disclosure or destruction of data and systems, applications and services. This also includes protection against accidental loss or destruction.