LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the core goals (Kernziele) of information security?

Confidentiality, Integrity, and Availability — the classic CIA triad (Vertraulichkeit, Integrität, Verfügbarkeit).

Triangle linking Confidentiality, Integrity and Availability around a central Information Security node

* The CIA triad: Vertraulichkeit, Integrität, Verfügbarkeit — the three core goals every control maps to. *

Goal Means Broken when…
Vertraulichkeit (Confidentiality) Only authorised parties can read information Data leak, eavesdropping, stolen laptop
Integrität (Integrity) Data cannot be altered undetected Tampered file, malware-modified config
Verfügbarkeit (Availability) Authorised parties can access information when needed DDoS, ransomware, hardware failure

These three are explicitly listed in ISO/IEC 27000:2018, clause 3.28, the formal definition of "information security."

Why these three and not others? Every other security property eventually decomposes into one of them. A signed PDF needs integrity; a session cookie needs confidentiality; an emergency hotline needs availability.

Tip: When designing a control, ask "which letter of CIA am I protecting?" If you can't answer, you're probably building something cosmetic. A backup protects A; encryption protects C; a hash protects I.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026