The University of SydneyPage 7Basic Principles of Security–Confidentiality–Property of an information system whereby its information is disclosed only to authorized parties –Protection of private data, where it resides or during its transmission–Confidentiality of data has been compromised where inference may be drawn even without disclosure–The “need-to-know” principle * may work well in military environment, but in commercial env., the need to withhold principles may be more appropriate–When information is available to many, the “need-to-withhold” principle is more appropriate.