1. The Institute of Internal Auditors (IIA). (2012). Global Technology Audit Guide (GTAG) 1: Information Technology Risk and Controls, 2nd Edition. Page 6. The guide defines "Confidentiality" as "Preserving authorized restrictions on access and disclosure," which directly aligns with preventing unauthorized access to information assets.
2. National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. Page 9. The "Protect" function (PR) includes the "Access Control (PR.AC)" category, whose purpose is to ensure that "Access to assets...is limited to authorized users, processes, or devices." This highlights access control as a core protective function.
3. Stallings, W., & Brown, L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 1, Section 1.1, the text introduces the three key security objectives (the CIA triad), defining Confidentiality as "Data confidentiality," which "assures that private or confidential information is not made available or disclosed to unauthorized individuals." This establishes the prevention of unauthorized access as a fundamental goal.