Editing Information security (section)
=== Additional security goals ===
In addition to the classic CIA triad of security goals, some organisations may want to include security goals like authenticity, accountability, non-repudiation, and reliability.

==== Non-repudiation ====
In law, [[non-repudiation]] implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction.<ref name="BidgoliHandbook06">{{cite book |author=McCarthy, C. |title=Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection, and Management |publisher=John Wiley & Sons |year=2006 |isbn=9780470051214 |editor=Bidgoli, H. |volume=3 |pages=49–76 |chapter=Digital Libraries: Security and Preservation Considerations |chapter-url=https://books.google.com/books?id=0RfANAwOUdIC&pg=PA65}}</ref>

It is important to note that while technology such as cryptographic systems can assist in non-repudiation efforts, the concept is at its core a legal concept transcending the realm of technology.<ref>{{Citation |title=Information technology. Open systems interconnection. Security frameworks for open systems |url=http://dx.doi.org/10.3403/01110206u |access-date=2021-05-29 |publisher=BSI British Standards |doi=10.3403/01110206u}}</ref> It is not, for instance, sufficient to show that the message matches a digital signature signed with the sender's private key, and thus only the sender could have sent the message, and nobody else could have altered it in transit ([[data integrity]]).<ref>{{Citation |last=Christofori |first=Ralf |editor-first1=Reinhard |editor-first2=Merz |editor-last1=Hauff |editor-last2=Akademie |title=Thus could it have been |date=2014-01-01 |work=Julio Rondo - O.k., Meta Memory |publisher=Wilhelm Fink Verlag |doi=10.30965/9783846757673 |isbn=978-3-7705-5767-7}}</ref> The alleged sender could in return demonstrate that the digital signature algorithm is vulnerable or flawed, or allege or prove that his signing key has been compromised.<ref>{{Cite journal |last=Atkins |first=D. |date=May 2021 |title=Use of the Walnut Digital Signature Algorithm with CBOR Object Signing and Encryption (COSE) |url=https://www.rfc-editor.org/info/rfc9021 |doi=10.17487/rfc9021 |s2cid=182252627 |access-date=18 January 2022 |doi-access=free |s2cid-access=free |website=RFC Editor}}</ref> The fault for these violations may or may not lie with the sender, and such assertions may or may not relieve the sender of liability, but the assertion would invalidate the claim that the signature necessarily proves authenticity and integrity. As such, the sender may repudiate the message (because authenticity and integrity are pre-requisites for non-repudiation).<ref>{{Citation |last=Le May |first=I. |title=Structural Integrity in the Petrochemical Industry |date=2003 |work=Comprehensive Structural Integrity |pages=125–149 |url=http://dx.doi.org/10.1016/b0-08-043749-4/01001-6 |access-date=2021-05-29 |publisher=Elsevier |doi=10.1016/b0-08-043749-4/01001-6 |isbn=978-0-08-043749-1}}</ref>