Chapter 2 Β· Helper 2

Concept Map

Visual breakdown of the CIA Triad pillars, their threats, and their mechanisms.

The Three Pillars

CIA Triad
πŸ”

Confidentiality

Only authorized parties can access data

  • Encryption
  • Access Controls
  • Two-Factor Auth
πŸ”

Integrity

Data is unchanged and verifiable

  • Hashing
  • Digital Signatures
  • Certificates
  • Non-repudiation
⚑

Availability

Systems always accessible when needed

  • Redundancy
  • Fault Tolerance
  • Patching

Threat-to-Pillar Mapping

Attacks
Attack / ThreatCIA Pillar ViolatedWhy
Unauthorized database access (data stolen)ConfidentialityData disclosed to unauthorized party
Man-in-the-middle alters transmitted dataIntegrityData was modified without authorization
DDoS attack takes website offlineAvailabilityAuthorized users can't access the service
Ransomware encrypts all filesAvailabilityData inaccessible; may also violate Confidentiality if data is exfiltrated
Password sniffing on networkConfidentialityCredentials disclosed to attacker
Log tampering to hide attacker activityIntegrityRecords altered; audit trail corrupted
Hardware failure with no backupAvailabilitySystems unreachable due to single point of failure

Memory Aids

Mnemonics

CIA = AIC

Both refer to the same triad. Use "AIC" to avoid confusion with the intelligence agency in exam contexts.

3 Security Questions

Can only the right people see it? β†’ Confidentiality
Has it been changed? β†’ Integrity
Can people reach it? β†’ Availability

Key per Pillar

C β†’ Encryption
I β†’ Hashing
A β†’ Redundancy