Confidentiality is one of the three classic information security objectives. It means that information is accessible only to those authorized to see it. In an ISMS, you enforce confidentiality through access controls, encryption, information classification, and non-disclosure agreements. Classification levels determine who may access which information. Breaches of confidentiality — such as data leaks or unauthorized access — rank among the most common security incidents.