Making sure that only those who are supposed to access the data can access is which of the following?

A.
confidentiality

B.
capability

C.
integrity

D.
availability

Explanation:
Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or
processes. Some information is more sensitive than other information and requires a higher level of
confidentiality. Control mechanisms need to be in place to dictate who can access data and what the subject
can do with it once they have accessed it. These activities need to be controlled, audited, and monitored.
Examples of information that could be considered confidential are health records, financial account information,
criminal records, source code, trade secrets, and military tactical plans. Some security mechanisms that would
provide confidentiality are encryption, logical and physical access controls, transmission protocols, database
views, and controlled traffic flow.
Incorrect Answers:
B: Capability is the functions that a system or user is able to perform. With reference to a user, it is defined by
the access a user is granted. However, making sure that only those who are supposed to access the data can
access is best defined by the term confidentiality.
C: Integrity refers to ensuring that the information and systems are the accuracy and reliable and has not been
modified by unauthorized entities.
D: Availability refers to ensuring that authorized users have reliable and timeous access to data and resources.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 160, 229-230