B. Tunneling does not always use encryption. It does, however, employ encapsulation, is used to

monitoring performance and network traffic, using firewalls and routers to prevent DoS attacks, implementing redundancy for critical systems, and maintaining and testing backup systems. Availability is dependent upon both integrity and confidentiality. Without integrity and confidentiality, availability cannot be maintained. Other concepts, conditions, and aspects of availability include usability, accessibility, and timeliness.

Other Security Concepts

In addition to the CIA Triad, there is a plethora of other security-related concepts, principles, and tenets that should be considered and addressed when designing a security policy and deploying a security solution. This section discusses privacy, identification, authentication, authorization, accountability, nonrepudiation, and auditing.

Privacy

Privacy can be a difficult entity to define. The term is used frequently in numerous contexts without much quantification or qualification. Here are some possible partial definitions of privacy:

Prevention of unauthorized access
Freedom from unauthorized access to information deemed personal or confidential
Freedom from being observed, monitored, or examined without consent or knowledge

When addressing privacy in the realm of IT, it usually becomes a balancing act between individual rights and the rights or activities of an organization. Some claim that individuals have the right to control whether or not information can be collected about them and what can be done with it. Others claim that any activity performed in public view, such as most activities performed over the Internet, can be monitored without the knowledge of or permission from the individuals being watched and that the information gathered from such monitoring can be used for whatever purposes an organization deems appropriate or desirable.
On one hand, protecting individuals from unwanted observation, direct marketing, and disclosure of private, personal, or confidential details is considered a worthy effort. Likewise, organizations profess that demographic studies, information gleaning, and focused marketing improve business models, reduce advertising waste, and save money for all parties. Whatever your personal or organizational stance is on the issue of online privacy, it must be addressed in an organizational security policy. Privacy is an issue not just for external visitors to your online offerings, but also for your customers, employees, suppliers, and contractors. If you gather any type of information about any person or company, you must address privacy. In most cases, especially when privacy is being violated or restricted, the individuals and companies must be informed; otherwise, you may face legal ramifications. Privacy issues must also be addressed when allowing or restricting personal use of e-mail, retaining e-mail, recording phone conversations, gathering information about surfing or spending habits, and so on.

Identification

Identification is the process by which a subject professes an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorization,