“Traditionally, the cybersecurity community has formulated policies in terms of three kinds of requirements:
- Confidentiality refers to which principals are allowed to learn what information.
- Integrity refers to what changes to the system (stored information and resource usage) and to its environment (outputs) are allowed.
- Availability refers to when must inputs be read or outputs produced.
This classification, as it now stands, is likely to be problematic as a basis for the laws that form a science of cybersecurity.”
Fred B. Schneider, Blueprint for a science of cyber security