...

Confidentiality: Privacy or the ability to control or restrict access so that only authorized individuals can view sensitive information. One of the underlying principles of confidentiality is "need-to-know" or "least privilege". In effect, access to vital information should be limited only to those individuals who have a specific need to see or use that information.

Integrity: Information is accurate and reliable and has not been subtly changed or tampered with by an unauthorized party. Integrity includes:

  • Authenticity: The ability to verify content has not changed in an unauthorized manner.

  • Non-repudiation & Accountability: The origin of any action on the system can be verified and associated with a user.

Availability: Information and other critical assets are accessible to customers and the business when needed. Note that information is unavailable not only when it is lost or destroyed, but also when access to it is denied or delayed.

...

DEISER’s data classification system is divided into four sections:

  • Public: Information that may or must be open to the general public. It is defined as information with no existing local, national, or international legal restrictions on access or usage. Public data is available to all DEISER employees and all individuals or entities external to the corporation.

  • Internal: Information that must be guarded due to proprietary, ethical, or privacy considerations and must be protected from unauthorized access, modification, transmission, storage or other use. This classification applies even though there may not be a civil statute requiring this protection. Internal Data is information that is restricted to personnel who have a legitimate reason to access it.

  • Confidential: Highly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know. Explicit authorization by the Data Administrator is required for access because of legal, contractual, privacy, or other constraints. Confidential data have a very high level of sensitivity.

  • Regulatory Data Classification: Information protected by statutes and regulations, and governed by a regulatory body or council regarding the investigation, response, reporting and handling of incidents. Regulatory Data is sensitive in nature, and access is restricted. Disclosure is limited to individuals on a need-to-know basis.