What are security controls aimed at protecting?

Security controls are designed to protect the confidentiality, integrity, and availability of information, commonly referred to as the CIA triad. This triad forms the foundational principles of information security.

Confidentiality ensures that sensitive information is accessed only by authorized individuals, thus preventing unauthorized disclosure. Integrity guarantees that data remains accurate and unaltered during storage and transmission, ensuring that the information is trustworthy. Availability ensures that information and resources are accessible to authorized users whenever needed, preventing disruptions that can arise from system failures or attacks.

While other options may touch on specific aspects of security, they do not encompass the comprehensive nature of security controls. For example, focusing solely on economic or aesthetic values misses the core purpose of security controls, which is to safeguard the essential characteristics of information that support organizational operations and protect against a range of threats.