Which component of information security is subject to change over time and considers sensitivity and legal requirements?

The correct choice is confidentiality, as it directly relates to the protection of sensitive information and is heavily influenced by legal and regulatory requirements that can evolve over time. Confidentiality involves ensuring that information is only accessible to those who are authorized to view it, which means it must adapt to different standards and laws that govern data protection, such as GDPR or HIPAA.

As organizations grow and legal landscapes shift, the measures established to safeguard confidentiality—including policies, technologies, and practices—must adjust accordingly. This can involve implementing stronger encryption, updating access controls, or complying with new regulations, all of which reflect the dynamic nature of confidentiality.

Other components such as integrity, availability, and authentication are more stable in their definitions. Integrity focuses on the accuracy and consistency of data over its lifecycle, availability ensures that information is accessible when needed, and authentication verifies the identity of users. While these areas can also be influenced by changes in technology and practices, they do not inherently fluctuate in response to sensitivity or legal changes in the same way that confidentiality does.