> For the complete documentation index, see [llms.txt](https://blog.floorp.ie/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://blog.floorp.ie/pen100/basic-security-concepts.md).

# Basic Security Concepts

**The CIA triad**

CIA stands for *Confidentiality*, *Integrity*, and *Availability*.

A system is ***Confidential*** if the only people that can access it are the people explicitly permitted to access it.

A system has ***Integrity*** if the information and functionality it stores is only that which the owner intends to be stored.&#x20;

A system is considered ***Available*** if the people who are supposed to access it are able to do so.&#x20;

**The Principle of Least Privilege**

The Principle of Least Privilege expresses the idea that each part of a system should only be granted the lowest possible privileges that are needed to get their job done.&#x20;

**Open Security**&#x20;

A counter-intuitive principle which states that the security of a system should not depend on *secrecy*. Even if an attacker knows exactly how the system's security is implemented, the attacker should still be thwarted.

**Defense in Depth***:* advocates for adding defenses to as many layers of a system as possible, so that if one is bypassed, another may still prevent full infiltration.&#x20;
