The CIA of Security

The biggest challenge you have when you're starting to wrap your head around becoming an IT security person is, well, where do you start? What do you do? There's so much to do. So the secret to understanding IT security is to give yourself a goal. I mean, why are we doing all this? Why are we going through all this pain and suffering and passwords and retinal scanners and whatever?

And to help us keep our mind in the right place, what we turn to is something called the CIA of security. No, no, no, not that kind of CIA. What we're talking about is the CIA triad of security, or the goals of security: confidentiality, integrity, and availability. We always draw the CIA triad of security as a triangle.

Now, each point of this triangle stands for an important goal of security. Up top here, let's put confidentiality. Confidentiality, as it sounds, is simply the goal of keeping data secret from anyone who doesn't have the need or the right to access that data. Second is integrity. Integrity ensures that the data and the systems, everything, stay in an unaltered state when stored, transmitted and received. Equally, integrity covers things like no unauthorized modification, alteration, creation or deletion of the data. The third one, and this is the one we tend to forget, is availability.

We have to ensure that systems and data are available to authorized users when needed. It's so easy to forget that one, but these are the big three. The CIA triad is critical for us security types. It's like a mantra that we chant over and over again. Anytime we're doing anything in the security world, we ask ourselves: is this achieving one of the three goals of security? It's something you're going to see all over the Security+, because it should be there. But there's a problem.

And the problem is that a lot of security people feel that the CIA triad in and of itself really isn't enough. So what I'm going to do is add a couple more things to our CIA triad. I'm going to add auditing and accountability, and I'm going to add non-repudiation. Let's watch. The first thing I'd like to add is auditing and accountability. Now, auditing and accountability simply means that we've got to keep track of things that go on. For example, who's been logging in?

When are they logging in? Who's accessed this data? When has somebody come in the gate? Who's made changes to something? We dump all that into auditing and accountability. Second is non-repudiation. Now, non-repudiation, to some extent, ties into accountability, because it basically means that a user can't deny that they have performed a particular action. So that does make it something in terms of accountability.

But there's another aspect of non-repudiation that's very important in the world of communication. It ensures that a user cannot deny having made some form of communication. And that, my friends, is the CIA of security. Even though it's a little bit more than just the CIA, make sure you know this for the Security+ and for the real life that you're going to run into in the world of security.
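To make the goals above concrete, here is an added example (it is not part of the original lecture) that maps three of them onto standard cryptographic building blocks using only the Go standard library: confidentiality with AES-GCM, integrity with a SHA-256 fingerprint, and non-repudiation with an Ed25519 signature. It also shows why an HMAC built on a shared key gives you accountability between two parties but not non-repudiation: whoever holds the shared key could have produced the tag, so the sender can still deny it. The function names, the 32-byte key, and the message text are constructed for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Confidentiality: AES-GCM keeps the plaintext secret from anyone without the key.
// The random nonce is prepended to the ciphertext so Decrypt can recover it.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt fails if the ciphertext was altered: GCM authenticates as well as encrypts.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Integrity: a SHA-256 fingerprint recorded at store time detects any later change.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

func IntegrityIntact(data []byte, expected string) bool {
	return Fingerprint(data) == expected
}

// Accountability with a shared key: an HMAC proves the message came from someone
// holding the key. Because the receiver holds the same key, it proves nothing to a
// third party, so HMAC alone does not give non-repudiation.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func TagValid(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag) // constant-time comparison
}

// Non-repudiation: only the holder of the private key can produce a valid signature,
// and anyone with the public key can verify it, so the signer cannot deny the message.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

func SignatureValid(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	msg := []byte("transfer 100 to account 42")       // constructed message

	sealed, _ := Encrypt(key, msg)
	fmt.Printf("confidentiality: ciphertext %x\n", sealed[:12])

	fp := Fingerprint(msg)
	fmt.Println("integrity intact:", IntegrityIntact(msg, fp))
	fmt.Println("tampered detected:", !IntegrityIntact([]byte("transfer 900 to account 42"), fp))

	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := Sign(priv, msg)
	fmt.Println("non-repudiation, signature valid:", SignatureValid(pub, msg, sig))
}
```

The practical takeaway is which goal each primitive actually buys you: encryption alone gives confidentiality, a hash gives integrity only if the fingerprint itself is protected, a MAC ties a message to a shared secret, and only a signature (or an equivalent asymmetric mechanism) gives the non-repudiation the lecture describes.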

