Chapter 2 Β· The CIA Triad

The Breach at DataSafe Corp

Follow Maria as she investigates a multi-layered security incident β€” and discovers each corner of the CIA Triad was violated.

The Alert

Maria, lead security engineer at DataSafe Corp, was woken by a phone call. The on-call system had fired three alerts simultaneously. She logged in remotely and immediately saw the damage: the customer database had been accessed without authorization, records had been silently modified, and the company's online portal was completely unreachable.

"Three separate violations," she muttered, pulling up the incident timeline. "Confidentiality, Integrity, Availability. Someone hit all three pillars of the CIA Triad."

πŸ’‘ The CIA Triad The three fundamental principles of information security: Confidentiality, Integrity, and Availability. Also called the AIC Triad (same principles, different order β€” to avoid confusion with the intelligence agency).

The Data Was Seen

The first violation was a confidentiality breach. An attacker had used a stolen credential to access the customer database. They had read 14,000 records β€” names, email addresses, encrypted payment data. The data was viewed but not supposed to be.

"Confidentiality means only authorized people see authorized data," Maria explained to her manager. "Someone who shouldn't have accessed this database did."

She traced the failure: the stolen account lacked multi-factor authentication, and the encryption on the API endpoint had been misconfigured. Two confidentiality controls had failed simultaneously β€” access control and encryption.

πŸ” Confidentiality β€” Prevention Tools

  • Encryption β€” encode data so only authorized parties can read it
  • Access Controls β€” restrict who can reach which resources
  • Two-Factor Authentication (2FA) β€” require additional verification before granting access

The Records Were Changed

The second violation was more subtle β€” and more dangerous. While inside the database, the attacker had modified 200 financial records, altering transaction amounts by small values to avoid detection. The changes had been in place for 72 hours before the alert triggered.

"Integrity means data is stored and transferred exactly as intended," Maria said grimly. "If any modification occurs β€” even one byte β€” we need to detect it."

She pulled up the integrity monitoring system. The hash values for affected records no longer matched their stored baselines. "These records were changed. The hashes tell us that." She cross-referenced with the digital signature logs β€” because the database changes had bypassed the signing process, there was no authenticated trail.

πŸ” Integrity β€” Verification Tools

  • Hashing β€” fixed-length fingerprint of data; any change produces a different hash
  • Digital Signatures β€” cryptographically verify data hasn't been altered and confirms origin
  • Certificates β€” combine with digital signatures to verify identities
  • Non-repudiation β€” proof that a specific action occurred and cannot be denied

The System Went Dark

The third violation was the most visible: a distributed denial-of-service attack had flooded DataSafe's online portal with traffic, taking it offline for six hours. Customers couldn't log in, staff couldn't process orders, and the business lost thousands of dollars per minute.

"Availability means authorized users can always reach the systems they need," Maria said. "We failed that completely."

She reviewed the architecture. There was no redundant server infrastructure. The single origin server had been overwhelmed. No fault-tolerant failover system existed. And the systems hadn't been patched in eight months β€” one of the vulnerabilities exploited to amplify the attack had a patch available for six months.

⚑ Availability β€” Resilience Tools

  • Redundancy β€” duplicate services so if one fails, another takes over
  • Fault Tolerance β€” systems continue running even when a component fails
  • Patching β€” keep systems stable and close security holes that attackers exploit

Rebuilding All Three Pillars

Over the next two weeks, Maria's team rebuilt DataSafe's security architecture around the CIA Triad. They deployed MFA for all accounts (Confidentiality), implemented real-time hash monitoring and mandatory digital signatures for database writes (Integrity), and added a CDN with failover and an automatic patching schedule (Availability).

"The CIA Triad isn't just a framework," she told the board. "It's a checklist for everything that can go wrong β€” and everything we need to protect."

βœ… The Core Lesson Every security decision maps to at least one CIA pillar. When evaluating a control or a threat, always ask: does this protect Confidentiality, Integrity, or Availability β€” or does it threaten one of them?