Chapter 2 Β· Helper 1

Glossary of Terms

Key vocabulary for the CIA Triad. Search or scroll to find any term.

CIA Triad
The three core principles of information security: Confidentiality, Integrity, and Availability. The foundational model for designing security strategies and evaluating threats.
AIC Triad
Alternative name for the CIA Triad (Availability, Integrity, Confidentiality) used to avoid confusion with the US Central Intelligence Agency. The principles are identical.
Confidentiality
The principle that information should only be accessible to authorized individuals, systems, or processes. Prevents unauthorized disclosure of sensitive data.
Integrity
The principle that data is stored and transmitted exactly as intended. Any unauthorized modification must be detectable. Applies to data at rest and in transit.
Availability
The principle that systems, networks, and data are accessible to authorized users whenever needed. Outages and denial-of-service attacks violate availability.
Encryption
A confidentiality mechanism that encodes data so only authorized parties with the correct key can read it. Protects data even if intercepted during transmission.
Access Control
A confidentiality mechanism that restricts who can access specific resources based on identity, role, or permissions. Examples: file permissions, network ACLs, role-based access.
Two-Factor Authentication (2FA)
An additional verification layer requiring a second factor (e.g., mobile code, biometric) beyond a password. Protects confidentiality by ensuring only the legitimate account owner gains access.
Hashing
An integrity mechanism that converts data of any length into a fixed-length value (hash/digest). If even one bit of data changes, the resulting hash changes completely. Used to verify data has not been altered.
Digital Signature
A cryptographic mechanism that verifies both the integrity of data and the identity of the sender. Created by encrypting a hash with the sender's private key. Provides non-repudiation.
Certificate
A digital document that combines identity information with a public key, signed by a trusted Certificate Authority. Used to verify identities and support integrity mechanisms.
Non-Repudiation
The inability to deny having performed an action. In the CIA Triad, non-repudiation sits within Integrity β€” it provides proof that data came from a specific source and has not been altered.
Redundancy
An availability mechanism where duplicate systems or components are deployed so that if one fails, others continue operating. Examples: RAID storage, load-balanced servers, backup ISPs.
Fault Tolerance
The ability of a system to continue operating when one or more of its components fail. Closely related to redundancy β€” fault-tolerant systems automatically switch to backup components.
Patching
Applying software updates to fix known vulnerabilities and improve stability. An availability control because unpatched systems are more susceptible to crashes and exploits that cause downtime.
Message Digest
Another name for a hash value β€” the fixed-length output of a hash function. Represents a unique fingerprint of the original data.