# CIA Triad

One-sentence definition: Foundational model ensuring **Confidentiality**, **Integrity**, and **Availability** of information.

## Key Facts

- Confidentiality prevents unauthorized disclosure; methods: encryption, access control, need-to-know.
- Integrity prevents unauthorized alteration; methods: hashing, digital signatures, checksums.
- Availability ensures timely, reliable access; methods: redundancy, backups, scaling.
- Security often involves **trade-offs** among C, I, A; prioritize per business impact.
- Data states: at rest, in transit, in use—controls differ by state.
- Map controls to threats: e.g., eavesdropping → confidentiality controls; tampering → integrity controls.
- Common failures: misconfigurations, weak IAM, single points of failure (SPOF).
- **Verify:** check the official (ISC)² CBK and the current exam outline.

## Exam Relevance

- Expect scenario questions asking which control best supports C, I, or A.
- Prioritization questions: which objective is most critical in a given use case.

**Mnemonic:** “Cats In Attics” → C, I, A.

## Mini Scenario

Q: A hospital must access records 24/7—what objective dominates?

A: Availability (with strong confidentiality and integrity also required).

## Revision Checklist

- Define C, I, A with one control example each.
- Identify data states and matching controls.
- Recognize trade-offs and prioritize by business impact.

## Related

[[Security Governance]] · [[Control Types and Categories]] · [[Risk Management Lifecycle]] · [[Attack Surface, Exposure, and Attack Vectors]] · [[Data Classification (Governance Overview)]] · [[Domain 1 - Index]]