# Basic Security Concepts **The CIA triad** CIA stands for *Confidentiality*, *Integrity*, and *Availability*. A system is ***Confidential*** if the only people that can access it are the people explicitly permitted to access it. A system has ***Integrity*** if the information and functionality it stores is only that which the owner intends to be stored. A system is considered ***Available*** if the people who are supposed to access it are able to do so. **The Principle of Least Privilege** The Principle of Least Privilege expresses the idea that each part of a system should only be granted the lowest possible privileges that are needed to get their job done. **Open Security** A counter-intuitive principle which states that the security of a system should not depend on *secrecy*. Even if an attacker knows exactly how the system's security is implemented, the attacker should still be thwarted. **Defense in Depth***:* advocates for adding defenses to as many layers of a system as possible, so that if one is bypassed, another may still prevent full infiltration. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://blog.floorp.ie/pen100/basic-security-concepts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.