π― Trick 1 β Hashing vs. Encryption
Which CIA principle does hashing protect? Which does encryption protect? Many students mix these up.
Hashing creates a fingerprint to detect if data was changed β it doesn't hide the data. Encryption hides the data so unauthorized parties can't read it.
Memory trick: H for Hashing = H for Hasn't-changed (Integrity). E for Encryption = E for Eyes-only (Confidentiality).
π― Trick 2 β Ransomware Violates Which Pillar?
Ransomware encrypts all your files and demands payment. Which CIA pillar is violated?
β’ Availability: Files are inaccessible (encrypted by attacker)
β’ Confidentiality: Modern ransomware often exfiltrates data before encrypting (double extortion)
β’ Integrity: If the attacker modifies files rather than just encrypting them
On the exam, if only one violation is asked: Availability. But be ready for "which two pillars are violated in a double-extortion ransomware attack?" = Availability + Confidentiality.
π― Trick 3 β Patching Under Availability?
Why is patching listed as an Availability mechanism rather than a Security/Integrity one?
Unpatched systems crash more, get exploited by ransomware (availability attack), and fall victim to DoS via known vulnerabilities. Patching keeps systems UP β hence Availability.
It also helps Confidentiality (closing vulnerabilities that allow data theft) and Integrity (closing vulnerabilities that allow data modification), but its primary CIA classification is Availability.
π― Trick 4 β Non-Repudiation Under Integrity?
Non-repudiation means you can't deny your actions. Why is it listed under Integrity and not its own category?
Integrity = data wasn't changed. Non-repudiation = data wasn't changed AND came from a specific verified party. It's a stronger form of integrity that includes origin authentication. Digital signatures achieve both simultaneously.
π― Performance Task β Map the Breach
A hospital reports: 1) Attacker viewed patient records without authorization. 2) Attacker changed some medication dosage records. 3) Hospital's appointment system was offline for 4 hours. Map each incident to the correct CIA pillar and name one control that would have prevented or detected each.
2. Changing dosage records β Integrity. Detection: hash-based change monitoring on medical records; digital signatures on critical data.
3. System offline β Availability. Prevention: redundant failover servers; DDoS mitigation; patching to prevent exploit-based crashes.
π― Trick 5 β CIA Order: Does It Matter?
Some organizations prioritize Availability first (financial trading systems). Others prioritize Confidentiality first (intelligence agencies). Does the order of CIA matter for the exam?
CIA = AIC = CAI β all refer to the same three principles. The order is just a naming convention. What matters is knowing what each principle means and which mechanisms support it.
In real-world security, the relative priority of each pillar depends on business context β but CompTIA tests knowledge of definitions, not prioritization.