A fundamental principle of information security that mandates restricting access to information to authorized users only. It’s about ensuring that sensitive information is not disclosed to unauthorized individuals or entities. Confidentiality measures include the use of passwords, encryption, access control lists, and security policies that define who can access what data and under which circumstances. It is the C of the CIA triad.