Quiz Entry - updated: 2026.07.05
Beyond the CIA triad, what secondary goals of information security are often added?
Non-repudiation, privacy, authenticity, and anonymity (Nicht-Abstreitbarkeit, Privatsphäre, Authentizität, Anonymität).
These four don't fit neatly into C, I, or A, but matter in many real systems:
- Nicht-Abstreitbarkeit (Non-repudiation) — A party cannot deny having sent or received a message. Backed by digital signatures, secure logs.
- Privatsphäre (Privacy) — Personal data is processed only for stated purposes. Overlaps with GDPR-style regulation.
- Authentizität (Authenticity) — A message or actor is genuinely who/what it claims to be. Backed by MACs, signatures, certificates.
- Anonymität (Anonymity) — A user's identity cannot be linked to an action. Tor, mix networks, anonymous credentials.
Why split them out? Confidentiality protects the content; anonymity protects the fact that the communication happened. Different problem, different control.
Tip: When a regulation (DSG, GDPR, HIPAA) drives requirements, expect privacy and non-repudiation to outweigh classic CIA — auditors care about who did what, not just whether data leaked.
Go deeper:
Non-repudiation — how digital signatures and secure logs stop a party denying they sent or received a message.
Information privacy — the privacy goal in depth, including its GDPR/DSG regulatory drivers.