What is the Goal of Security?

What are we trying to accomplish by having security? It can be defined in terms of the CIA triad (Confidentiality, Integrity and Availability), but that is not inclusive enough. Consider traditional architecture, where one uses architecture to design and build a house. The primary purpose of that house is to fulfill one of the primary needs of a person: shelter. (The primary needs are food, including water; shelter; and clothing.)

Security should prevent us from NOT having a house, but also much more than that. It should prevent us from having to go, for any period of time, without the necessary things of life, including all that the house can provide us, which includes all the amenities and luxuries of life as well.

So to bring it back to the IT world, this is the Security Goal:

To prevent security failures. A security failure is when a control has been successfully bypassed or has blocked legitimate use. A security failure could also be described as any state in which all, or one, of the desired Security Products have not been produced; those products are Confidentiality, Integrity, Availability and also Accountability.

Good Security Architecture is what allows you to achieve these goals and thus prevent security failures.