Confidentiality is one of the three pillars of the CIA Triad (alongside Integrity and Availability) and ensures that information is accessible only to those who are authorised to view it. It is maintained through a combination of access controls, encryption, data classification and security awareness training.
Breaches of confidentiality can result in regulatory penalties under GDPR, loss of competitive advantage and reputational damage. ISO 27001 addresses confidentiality through multiple Annex A controls covering areas such as access management, cryptography, physical security and supplier relationships. Organisations must continuously assess and strengthen their confidentiality measures as threats evolve.