CIA TRIAD

What does C in CIA stand for?

Confidentiality — ensuring data is only accessible to authorized individuals.

What does I in CIA stand for?

Integrity — ensuring data remains unchanged during transfer or storage.

What does A in CIA stand for?

Availability — ensuring systems and data are accessible when needed.

What is the goal of confidentiality?

To keep sensitive data from being disclosed to unauthorized users.

What are examples of confidentiality controls?

Encryption, access controls, MFA, VPNs.

What is the role of encryption in confidentiality?

It protects data by making it unreadable to unauthorized parties.

What is the goal of integrity?

To maintain data accuracy, consistency, and trustworthiness.

What technology ensures data integrity?

Hashing.

What are examples of integrity violations?

Data tampering, unauthorized modifications, transmission errors

How do digital signatures support integrity?

They verify data has not been altered and authenticate the sender.

What is the goal of availability?

To ensure resources and services are available when needed.

What supports availability in a secure environment?

Redundancy, backups, load balancing, UPS systems, patching.

What is a common threat to availability?

Denial-of-service (DoS) attacks.

What’s a common challenge between confidentiality and availability?

Strong security may reduce ease of access for authorized users.

Why is balancing all three CIA principles important?

It ensures data is secure, accurate, and accessible — a complete security posture.