Confidentiality

As the name suggests, this function deals with keeping information confidential.

Thus, it is directly related to the principle of least privilege. This principle states that access to the information should be granted only on a need-to-know basis with a valid business requirement and thus should not be accessible to everyone.

For example, if a developer wants to see the application logs on the server, there is no need to give him full sudo permission. Access to basic commands such as less, more, and tail should be more than enough to achieve the required use case.

The prime aspect of confidentiality is the classification of data. If data is classified into three aspects, such as public, internal only, and confidential, then it will be easier for employees as well as security engineers to know what needs to be secured and what need not be secured.

The methods, algorithms, and tools that will help in maintaining the confidentiality of data based on the classification are a part of this domain.

For example, if a USB stick containing important financial documents gets stolen and a hacker manages to go through them, then essentially, the confidentiality is broken. In this case, if these documents were encrypted, then the attacker would not be able to open the documents and, hence, confidentiality would still be maintained.