“Traditionally, the cybersecurity community has formulated policies in terms of three kinds of requirements:

  • Confidentiality refers to which principals are allowed to learn what information.
  • Integrity refers to what changes to the system (stored information and resource usage) and to its environment (outputs) are allowed.
  • Availability refers to when must inputs be read or outputs produced.

This classification, as it now stands, is likely to be problematic as a basis for the laws that form a science of cybersecurity.”

Fred B. Schneider, Blueprint for a science of cyber security