# CIA Triad

Backlink: [[Domain 1 - Index]]

**Definition:** The CIA triad comprises **Confidentiality**, **Integrity**, and **Availability**, the three primary objectives of information security.

## Key Facts

- Confidentiality: prevent unauthorized disclosure (need-to-know, least privilege).
- Integrity: prevent unauthorized modification; ensure accuracy and completeness.
- Availability: ensure timely, reliable access for authorized users.
- **Trade-offs:** Improvements to one pillar can strain another (e.g., encryption strengthens confidentiality, but a lost key or an added crypto step can reduce availability).
- Mapped to controls: access control → confidentiality; hashing/validation → integrity; redundancy/DR → availability.
- Extended models: authenticity, accountability, non-repudiation, safety.
- **Verify:** check the official (ISC)² CBK and the current exam outline.

>[!tip] **Exam Relevance**
>- Common stem: "Which control best supports <C/I/A>?"
>- Scenario prioritization (e.g., life safety → availability).

>[!note] **Mnemonic**
>- "Can't I Access? Alert!"

### Example

Q: Hospital EHR prioritization?
A: Availability first (patient care depends on reaching the record), then integrity (a wrong record can also harm the patient), then confidentiality (all three still matter).

## Revision Checklist

- [ ] Define each pillar succinctly
- [ ] Map 2–3 controls to each pillar
- [ ] Recognize trade-offs
- [ ] Identify primary pillar per business context

## Related

[[Security Control Types]] · [[Risk Management Process]] · [[Business Impact Analysis (BIA)]] · [[Recovery Objectives (RTO, RPO, WRT, MTD)]] · [[Security Governance]]

#cissp #domain-1 #concept
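### Worked Example: One Control per Pillar

Added illustration, not part of the original note or of any (ISC)² material: a short Python script that puts the Key Facts control mapping into code, one control per pillar. The ACL contents, subject names, the patient record bytes, the shared key and the "replica" functions are all constructed assumptions for the demo; a real deployment would pull the key from a KMS and the ACL from a directory or policy engine.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Set

# --- Confidentiality: access control enforcing need-to-know / least privilege ---
# Constructed ACL for the demo: resource -> set of subjects allowed to read it.
ACL: Dict[str, Set[str]] = {
    "patient-records": {"dr.smith", "nurse.jones"},
    "billing": {"finance.bot"},
}


def authorize_read(subject: str, resource: str, acl: Dict[str, Set[str]] = ACL) -> bool:
    """Deny by default: a subject may read only resources it is explicitly granted."""
    return subject in acl.get(resource, set())


# --- Integrity: a keyed hash (HMAC-SHA256) detects unauthorized modification ---
def make_tag(key: bytes, data: bytes) -> str:
    """Compute the integrity tag an authorized writer attaches to the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_integrity(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time; False means data or tag was altered."""
    return hmac.compare_digest(make_tag(key, data), tag)


# --- Availability: redundancy; serve the read from the first healthy replica ---
def read_with_failover(replicas: List[Callable[[], bytes]]) -> Optional[bytes]:
    """Try each replica in order; a failed replica is skipped rather than failing the read."""
    for fetch in replicas:
        try:
            return fetch()
        except (ConnectionError, TimeoutError):
            continue
    return None  # every replica down: the availability control has been exhausted


def demo() -> dict:
    """Exercise all three controls on constructed inputs and return the outcomes."""
    key = b"constructed-demo-key"  # assumption: shared secret; use a KMS in practice
    record = b"patient:1234;dose:5mg"  # constructed sample record
    tag = make_tag(key, record)
    tampered = b"patient:1234;dose:50mg"  # unauthorized modification of the dose

    def replica_down() -> bytes:
        raise ConnectionError("replica A unreachable")

    def replica_up() -> bytes:
        return record

    return {
        "conf_allowed": authorize_read("dr.smith", "patient-records"),
        "conf_denied": authorize_read("finance.bot", "patient-records"),
        "int_ok": verify_integrity(key, record, tag),
        "int_tampered": verify_integrity(key, tampered, tag),
        "avail": read_with_failover([replica_down, replica_up]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

The tampered record fails `verify_integrity` even though only one byte changed, the unauthorized subject is refused by `authorize_read` without any error path that leaks the resource's existence, and the read still succeeds while one replica is down. Note the trade-off from the Key Facts: if the HMAC key were lost, every record would fail verification and become effectively unavailable.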