Cyber defense is based on the following core principles:
- Confidentiality: Information that is secret, classified, private or otherwise sensitive must remain so and be shared only with appropriate users.
- Integrity: Information must retain its wholeness and not be altered from its original state.
- Availability: Information must be accessible to those who are authorized with a "need to know".
For example, in a cybersecure computing environment
personal medical records that are classified as confidential
should be protected so that they are only available
to those who are authorized (e.g., subject patient, doctors, hospitals, insurance organizations, government agencies), and their integrity
cannot be changed without proper authorization and documentation (e.g., a hospital corrects and documents a mistaken entry at the behest of a patient's authorized doctor).