“Confidentiality - seeks to prevent the unauthorized disclosure of information: it keeps data secret • Integrity - seeks to prevent unauthorized modification of information. In other words, integrity seeks to prevent unauthorized write access to data. Integrity also seeks to ensure data that is written in an authorized manner is complete and accurate. • Availability - ensures that information is available when needed • Subject - An active entity on an information system • Object - A passive data file • Annualized Loss Expectancy—the cost of loss due to a risk over a year • Threat—a potentially negative occurrence • Vulnerability—a weakness in a system • Risk—a matched threat and vulnerability • Safeguard—a measure taken to reduce risk • Total Cost of Ownership—the cost of a safeguard • Return on Investment—money saved by deploying a safeguard”