The Three Pillars
CIA Triadπ
Confidentiality
Only authorized parties can access data
- Encryption
- Access Controls
- Two-Factor Auth
π
Integrity
Data is unchanged and verifiable
- Hashing
- Digital Signatures
- Certificates
- Non-repudiation
β‘
Availability
Systems always accessible when needed
- Redundancy
- Fault Tolerance
- Patching
Threat-to-Pillar Mapping
Attacks| Attack / Threat | CIA Pillar Violated | Why |
|---|---|---|
| Unauthorized database access (data stolen) | Confidentiality | Data disclosed to unauthorized party |
| Man-in-the-middle alters transmitted data | Integrity | Data was modified without authorization |
| DDoS attack takes website offline | Availability | Authorized users can't access the service |
| Ransomware encrypts all files | Availability | Data inaccessible; may also violate Confidentiality if data is exfiltrated |
| Password sniffing on network | Confidentiality | Credentials disclosed to attacker |
| Log tampering to hide attacker activity | Integrity | Records altered; audit trail corrupted |
| Hardware failure with no backup | Availability | Systems unreachable due to single point of failure |
Memory Aids
MnemonicsCIA = AIC
Both refer to the same triad. Use "AIC" to avoid confusion with the intelligence agency in exam contexts.
3 Security Questions
Can only the right people see it? β Confidentiality
Has it been changed? β Integrity
Can people reach it? β Availability
Key per Pillar
C β Encryption
I β Hashing
A β Redundancy