Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the information or systems and affect a company’s ability to meet its objectives (think commitments).
Availability – Information and systems are available for the operation to meet the company’s objectives.
Confidentiality – Information designated as confidential is protected to meet the company’s objectives.
Processing Integrity – System processing is complete, valid, accurate, timely, and authorized to meet the company’s objectives.
Privacy – Personal information is collected, used, retained, disclosed, and disposed to meet the entity’s objectives.