# Chapter 3: Core Security Principles and Concepts

Before diving further into threats and defenses, it's essential to establish the fundamental principles that underlie application security. These core concepts are the compass by which security professionals navigate decisions and trade-offs. They help answer why certain controls are necessary and what goals we are trying to achieve. Several foundational models and concepts guide the design and evaluation of secure systems, the most famous being the CIA triad and its associated security principles.

## The CIA Triad – Confidentiality, Integrity, Availability

At the core of information security (including application security) are three primary goals:

1. **Confidentiality** – Preventing unauthorized access to information. In simple terms, keeping secrets secret. Only those who are authorized (have the right credentials or permissions) should be able to view or use sensitive data. According to NIST, confidentiality means "preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information" (ptgmedia.pearsoncmg.com). Breaches of confidentiality include things like data leaks, password disclosure, or an attacker reading someone else's e-mail. A real-world example is an SQL injection attack that dumps all customer records from a database: data that should have been confidential is exposed to the attacker. The opposite of confidentiality is disclosure (ptgmedia.pearsoncmg.com): when information is revealed to those not authorized to see it.

2. **Integrity** – Protecting data and systems from unauthorized modification. Integrity means that information remains accurate and trustworthy, and that system functions are not tampered with. F