Page 35 - CISSO_Prep_ Guide
users' common belief that systems are always down or
unreliable. Now when management hears complaints about a
system outage, they know that their information systems and
security are working at acceptable levels of performance.
When the level of availability falls short of the desired level, it
is possible to map out a strategy for moving from the current level
of availability to the desired level. This may not be achievable in
one step; a strategy that moves incrementally from the current
level through a series of milestones and deliverables towards the
desired objective may have to be defined. This gives the security
and IT departments an advantage: they can now justify their
projects by linking them to measurable and achievable goals.
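An added example (not from the guide) of how such measurable goals can be tracked: it computes the availability actually achieved from a constructed outage log, checks it against a hypothetical milestone ladder, and reports how much downtime must be eliminated to reach the next milestone.

```python
from datetime import datetime

# Constructed sample outage records (start, end) for March 2024; not from the guide.
OUTAGES = [
    (datetime(2024, 3, 4, 2, 10), datetime(2024, 3, 4, 3, 40)),    # 90 minutes
    (datetime(2024, 3, 18, 14, 0), datetime(2024, 3, 18, 14, 25)), # 25 minutes
]
PERIOD_START = datetime(2024, 3, 1)
PERIOD_END = datetime(2024, 4, 1)

# Hypothetical milestone ladder (percent availability), ending at the desired objective.
MILESTONES = [99.0, 99.5, 99.9, 99.95]


def downtime_minutes(outages, start, end):
    """Total outage minutes inside the period, clipping outages that overlap its edges."""
    down = 0.0
    for s, e in outages:
        s, e = max(s, start), min(e, end)
        if e > s:
            down += (e - s).total_seconds() / 60
    return down


def measured_availability(outages, start, end):
    """Percentage of the period during which the system was up."""
    total = (end - start).total_seconds() / 60
    return 100.0 * (total - downtime_minutes(outages, start, end)) / total


def downtime_budget_minutes(target_pct, start, end):
    """Outage minutes per period that still satisfy the target availability."""
    total = (end - start).total_seconds() / 60
    return total * (100.0 - target_pct) / 100.0


def next_milestone(current_pct, milestones):
    """First milestone above the measured level, or None when the objective is met."""
    return next((m for m in milestones if current_pct < m), None)


def gap_report(outages, start, end, milestones):
    """Current level, next milestone, and outage minutes to cut to reach it."""
    current = measured_availability(outages, start, end)
    target = next_milestone(current, milestones)
    to_cut = None
    if target is not None:
        to_cut = downtime_minutes(outages, start, end) - downtime_budget_minutes(target, start, end)
    return {"current_pct": current, "next_milestone": target, "minutes_to_cut": to_cut}


if __name__ == "__main__":
    print(gap_report(OUTAGES, PERIOD_START, PERIOD_END, MILESTONES))
```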
Confidentiality
Confidentiality is the protection of sensitive data from
compromise or disclosure. In many cases, the requirements of
confidentiality conflict with the goals of availability, which aim
to make information available. Security is not about denying all
access; it is about enabling the CORRECT level of access so that
the person who requires access can efficiently perform their job.
Confidentiality enforces the principle of need to know.
Confidentiality is also related to secrecy, the protection of
personally identifiable information (PII), the protection of
intellectual property such as trade secrets, and compliance with
legislation and regulatory requirements related to the protection
of information.