With which of the following principles does an organization comply if it ensures that only authorized users have access to their sensitive data?

Prepare for the ISO/IEC 27001 Lead Auditor Exam with comprehensive flashcards and multiple-choice questions. Gain confidence with detailed explanations and hints. Succeed in your certification endeavor!

When an organization ensures that only authorized users have access to their sensitive data, it is adhering to the principle of confidentiality. Confidentiality is a fundamental aspect of information security that involves protecting sensitive information from unauthorized access or disclosure. By implementing access controls and authentication measures, the organization safeguards its data, ensuring that only individuals with the proper authorization can view or manipulate sensitive information. This aligns directly with the goal of maintaining confidentiality, which is crucial for protecting personal, financial, and proprietary data.

The other principles—integrity, availability, and compliance—address different aspects of information security. Integrity focuses on maintaining the accuracy and consistency of data, ensuring it is not altered in an unauthorized manner. Availability ensures that authorized users have access to information when needed. Compliance refers to adhering to laws, regulations, and policies governing the protection of information. However, the specific action of restricting access to authorized users is primarily about maintaining confidentiality.
