LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Beyond the CIA triad, what secondary goals of information security are often added?

Non-repudiation, privacy, authenticity, and anonymity (Nicht-Abstreitbarkeit, Privatsphäre, Authentizität, Anonymität).

These four don't fit neatly into C, I, or A, but matter in many real systems:

  • Nicht-Abstreitbarkeit (Non-repudiation) — A party cannot deny having sent or received a message. Backed by digital signatures, secure logs.
  • Privatsphäre (Privacy) — Personal data is processed only for stated purposes. Overlaps with GDPR-style regulation.
  • Authentizität (Authenticity) — A message or actor is genuinely who/what it claims to be. Backed by MACs, signatures, certificates.
  • Anonymität (Anonymity) — A user's identity cannot be linked to an action. Tor, mix networks, anonymous credentials.

Why split them out? Confidentiality protects the content; anonymity protects the fact that the communication happened. Different problem, different control.

Tip: When a regulation (DSG, GDPR, HIPAA) drives requirements, expect privacy and non-repudiation to outweigh classic CIA — auditors care about who did what, not just whether data leaked.

Go deeper:

  • doc Non-repudiation — how digital signatures and secure logs stop a party denying they sent or received a message.
  • doc Information privacy — the privacy goal in depth, including its GDPR/DSG regulatory drivers.

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026