CYBERSECURITY FUNDAMENTALS

The CIA Triad

The foundational framework of information security — master the three pillars that protect every digital system.

  • Confidentiality: ensuring only authorized individuals can access sensitive information.
  • Integrity: guaranteeing data is accurate, complete, and unaltered by unauthorized parties.
  • Availability: ensuring authorized users can access information and systems when needed.

WHY IT MATTERS

  • Provides a universal framework for security decisions
  • Guides risk assessment and policy creation
  • Aligns with compliance standards (NIST, ISO 27001, CMMC)
  • Balances competing security priorities

HISTORICAL CONTEXT

  • CIA Triad origins trace to DoD security policies of the 1970s
  • Formalized by NIST in SP 800-33 (2001)
  • Some frameworks extend to CIANA (adding Non-repudiation & Authentication)
  • Basis of every major security certification exam

KEY INSIGHT

  • The three pillars are often in tension with each other
  • Maximizing security controls often reduces availability
  • Security professionals must balance all three based on context
  • No single pillar is more important than the others

⚔️ Real-World Attack Mapping

Which CIA pillar(s) each attack threatens:

  • Eavesdropping: Confidentiality
  • Data Tampering: Integrity
  • DDoS Attack: Availability
  • Phishing: Confidentiality
  • Ransomware: Integrity + Availability
  • Insider Threat: All three pillars

PILLAR 01 · CIA TRIAD
Confidentiality
Confidentiality ensures that sensitive information is accessible only to those with explicit authorization. It prevents unauthorized disclosure through access controls, encryption, and data classification — protecting privacy, trade secrets, and national security alike.

PURPOSE

  • Prevent unauthorized access to data at rest and in transit
  • Protect personally identifiable information (PII)
  • Guard intellectual property and trade secrets
  • Ensure regulatory compliance (HIPAA, FERPA, GDPR)
  • Maintain user privacy and organizational trust

IMPLEMENTATION CONTROLS

  • Encryption: AES-256, TLS/SSL, end-to-end
  • Access Control: RBAC, MAC, DAC models
  • Authentication: MFA, biometrics, certificates
  • Classification: Public / Internal / Confidential / Secret
  • Steganography: Hiding data within other data

📋 REAL-WORLD SCENARIOS

Healthcare Records (HIPAA-protected patient data)
A hospital encrypts all electronic health records (EHR) using AES-256. Doctors access records through role-based permissions — a radiologist sees imaging data but not billing records. All network traffic uses TLS 1.3. This protects patient confidentiality while meeting HIPAA Security Rule requirements.

Financial Transactions (Banking and credit card security)
Banks use end-to-end encryption for all transactions. Credit card numbers are tokenized so merchants never see the actual PAN. Multi-factor authentication protects online banking. PCI-DSS compliance mandates these controls to prevent unauthorized access to cardholder data.

Student Records (FERPA compliance in education)
Under FERPA, student grades and records are confidential. College systems use role-based access — advisors see academic records, financial aid staff see billing, but neither sees the other's domain. Students control who (employers, parents) can access their records via signed consent forms.

Government Classified (National security data)
Classified government networks (SIPRNet, JWICS) use mandatory access control (MAC). Data is labeled Confidential / Secret / Top Secret. Air-gapped systems have no connection to the internet. Personnel require appropriate clearance AND need-to-know for every document accessed — two separate criteria.
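The government scenario's two separate criteria (clearance and need-to-know) and the hospital scenario's role-based permissions can be combined in one access decision. The following Python is an added example written for this page, not code from any hospital or government system: the sensitivity ladder, roles, compartments and records are all constructed for illustration, and the label check follows the standard "dominance" rule (level at least as high, and every compartment held).

```python
"""Added example: RBAC plus MAC label dominance. Roles, compartments and
records below are constructed for illustration, not taken from any real system."""
from dataclasses import dataclass

# Ordered sensitivity levels, matching the classification ladder above.
LEVELS = {"Public": 0, "Internal": 1, "Confidential": 2, "Secret": 3, "Top Secret": 4}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Clearance check AND need-to-know check, evaluated separately:
        the subject's level must be at least the object's level, and the
        subject must hold every compartment the object is tagged with."""
        level_ok = LEVELS[self.level] >= LEVELS[other.level]
        need_to_know_ok = other.compartments <= self.compartments
        return level_ok and need_to_know_ok


# RBAC: which record types each role may read (hospital scenario).
ROLE_PERMISSIONS = {
    "radiologist": {"imaging"},
    "billing_clerk": {"billing"},
    "physician": {"imaging", "lab", "billing"},
}


@dataclass(frozen=True)
class Subject:
    name: str
    role: str
    clearance: Label


@dataclass(frozen=True)
class Record:
    record_type: str
    label: Label


def can_read(subject: Subject, record: Record) -> bool:
    """Read is granted only when BOTH the role permits the record type
    and the subject's clearance label dominates the record's label.
    Unknown roles get no permissions (deny by default)."""
    allowed_types = ROLE_PERMISSIONS.get(subject.role, set())
    if record.record_type not in allowed_types:
        return False
    return subject.clearance.dominates(record.label)


def demo() -> dict:
    """Constructed subjects and records; returns each access decision."""
    oncology = frozenset({"oncology"})
    radiologist = Subject("alice", "radiologist", Label("Confidential", oncology))
    physician = Subject("bob", "physician", Label("Confidential"))  # no oncology need-to-know
    scan = Record("imaging", Label("Confidential", oncology))
    invoice = Record("billing", Label("Internal"))
    secret_scan = Record("imaging", Label("Secret", oncology))
    return {
        "radiologist reads oncology scan": can_read(radiologist, scan),       # True
        "radiologist reads invoice": can_read(radiologist, invoice),          # False: role
        "physician reads oncology scan": can_read(physician, scan),           # False: need-to-know
        "radiologist reads Secret scan": can_read(radiologist, secret_scan),  # False: clearance
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {'ALLOW' if decision else 'DENY'}")
```

The physician case is the one worth studying: the role allows imaging and the clearance level matches, yet the read is denied because the oncology compartment is missing. That is the "need-to-know is a second, independent criterion" point from the scenario above, expressed as code.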

⚠️ COMMON THREATS TO CONFIDENTIALITY

  • An attacker secretly intercepts communication between two parties, reading data in transit. Defense: Use TLS/HTTPS, certificate pinning, and HSTS to ensure encrypted, authenticated connections.
  • Attackers trick users into revealing credentials or sensitive data. Defense: Security awareness training, MFA, email filtering with DMARC/SPF/DKIM, and zero-trust architecture.
  • Unauthorized viewing of screens or documents in public/office spaces. Defense: Privacy screens, clean desk policies, badge access to sensitive areas, and screen lock policies.
  • Sensitive data stored in plaintext can be read by anyone who gains physical or logical access. Defense: Full-disk encryption (BitLocker, FileVault), database encryption, and proper key management.

PILLAR 02 · CIA TRIAD
Integrity
Integrity ensures that data remains accurate, consistent, and trustworthy throughout its entire lifecycle. It guarantees that information has not been modified, deleted, or corrupted — whether by accident, system failure, or deliberate attack — without authorization.

PURPOSE

  • Ensure data accuracy and trustworthiness
  • Detect unauthorized modification of data or systems
  • Provide non-repudiation for digital transactions
  • Maintain the chain of custody in forensic investigations
  • Support audit trails and regulatory compliance

IMPLEMENTATION CONTROLS

  • Hashing: SHA-256, SHA-3, MD5 (deprecated)
  • Digital Signatures: RSA, ECDSA — verify source & integrity
  • Checksums: CRC32, file verification tools
  • Version Control: Git, audit logs, change management
  • Input Validation: Sanitize inputs to prevent injection

🔬 Hash Demonstration

Even a single character change in a message produces a completely different SHA-256 hash; this is how integrity verification works.

💡 Changing one character changes the entire hash, not just part of it. This property is called the avalanche effect.
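The avalanche effect can be measured rather than just observed. The following Python is an added example for this page (not the page's own demonstration code): it hashes two messages with the standard library's hashlib and counts how many of the 256 output bits differ. The messages are constructed for the illustration.

```python
"""Added example: measuring the avalanche effect of SHA-256 (hashlib, Python stdlib).
The messages used are constructed for the demonstration."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256 over the given bytes."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two hex digests of equal length differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have equal length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_report(message: str, changed: str) -> dict:
    """Hash both strings and report how much of the output changed.
    For a well-designed hash roughly half the bits flip, however small
    the difference between the inputs."""
    hash_a = sha256_hex(message.encode("utf-8"))
    hash_b = sha256_hex(changed.encode("utf-8"))
    total_bits = len(hash_a) * 4
    flipped = differing_bits(hash_a, hash_b)
    return {
        "hash_a": hash_a,
        "hash_b": hash_b,
        "bits_changed": flipped,
        "total_bits": total_bits,
        "fraction_changed": flipped / total_bits,
    }


if __name__ == "__main__":
    # Constructed messages differing in the final digit only.
    report = avalanche_report("Transfer $100 to account 12345",
                              "Transfer $100 to account 12346")
    print(report["hash_a"])
    print(report["hash_b"])
    print(f"{report['bits_changed']} of {report['total_bits']} bits changed")
```

Run it with any pair of near-identical strings and the fraction changed lands near one half; that unpredictability is exactly what makes a published hash useful for detecting tampering.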

📋 REAL-WORLD SCENARIOS

Medical Prescription (Preventing tampered dosage data)
Electronic prescriptions use digital signatures to ensure a doctor's order cannot be altered during transmission to a pharmacy. A hash of the original prescription is signed with the doctor's private key. The pharmacy verifies the signature — any modification to the dosage or drug name invalidates the signature.

Legal Evidence (Digital forensics chain of custody)
When law enforcement collects digital evidence, they immediately hash the drive (MD5 + SHA-1). Every copy made must produce the same hash. Courts require proof that evidence was not modified — hash verification is the gold standard for proving data integrity in legal proceedings.

Software Downloads (Verifying untampered installers)
Software vendors publish SHA-256 hashes of installers on their website. Users download the file and compare the computed hash against the published value. If a supply-chain attacker injects malware into the download, the hash will not match — alerting the user to reject the corrupt file.

Election Systems (Preventing vote tampering)
Modern audit systems log each ballot with a cryptographic hash. After an election, any alteration to the vote database would change the hash values, making tampering immediately detectable. Paper ballot backups provide a separate integrity check against the digital record.
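The software-download scenario above is a check anyone can script. The following Python is an added example written for this page, not a vendor's tool: it streams a file through SHA-256 in chunks (so a multi-gigabyte installer never has to fit in memory), normalises the published value, and compares with a constant-time comparison. The "installer" bytes and the one-bit tampering step are constructed so the script runs offline.

```python
"""Added example: verifying a downloaded file against a vendor-published SHA-256
value. The installer bytes and the tampering step are constructed here so the
script runs offline; nothing is fetched from a real vendor."""
import hashlib
import hmac
import os
import tempfile


def file_sha256(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: str, published_hex: str) -> bool:
    """True only if the computed digest equals the published one.
    hmac.compare_digest runs in constant time; the published value is
    lower-cased and stripped because vendors print hex in either case,
    often with surrounding whitespace."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(file_sha256(path), expected)


def hash_bytes_via_file(data: bytes) -> str:
    """Helper: write bytes to a temporary file and hash it through file_sha256."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "blob.bin")
        with open(path, "wb") as f:
            f.write(data)
        return file_sha256(path)


def demo() -> tuple:
    """Write a constructed installer, 'publish' its hash, then flip one bit
    (as a tampered download would differ) and re-check. Returns (before, after)."""
    installer = b"MZ" + b"\x00" * 1000 + b"example-installer-v1.0"  # constructed content
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.exe")
        with open(path, "wb") as f:
            f.write(installer)
        published = file_sha256(path)              # the value the vendor would post
        ok_before = verify_download(path, published.upper() + "\n")
        tampered = bytearray(installer)
        tampered[500] ^= 0x01                       # a single bit changed
        with open(path, "wb") as f:
            f.write(bytes(tampered))
        ok_after = verify_download(path, published)
    return ok_before, ok_after


if __name__ == "__main__":
    before, after = demo()
    print("clean file verifies:", before)
    print("tampered file verifies:", after)
```

Note what this check does and does not give you: it proves the file you hold matches the value the vendor published, but if the attacker can alter the download page as well as the download, both change together. Fetching the published value over an authenticated channel, or using a signed manifest, closes that gap.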

⚠️ COMMON THREATS TO INTEGRITY

  • Attackers inject malicious SQL code to modify, delete, or corrupt database records. Defense: Parameterized queries, prepared statements, input validation, and WAF (Web Application Firewall).
  • Malicious code inserted into legitimate software updates (e.g., SolarWinds). Defense: Code signing, software bill of materials (SBOM), vendor risk assessment, and hash verification of all updates.
  • Ransomware encrypts files, rendering them unusable — a severe integrity violation. Defense: Immutable backups (3-2-1 rule), endpoint detection, network segmentation, and regular backup testing.

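The first defence listed for SQL injection, parameterized queries, is easiest to understand with the vulnerable query next to its fixed form. The following Python is an added example for this page (not code from the page or any real application) using the standard library's sqlite3 module and a constructed in-memory table. It uses a read-only SELECT to show the mechanism; the same string-building defect in an UPDATE or DELETE is what lets records be modified or destroyed.

```python
"""Added example: a vulnerable query next to its parameterized form, using the
sqlite3 module from the Python standard library with a constructed in-memory table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """BAD: the untrusted value is pasted into the statement text, so a quote
    character inside it changes the meaning of the SQL."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """GOOD: a placeholder; the driver passes the value as data, never as SQL,
    so the same input is matched literally and returns no rows."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# A constructed input containing a quote, as might arrive from a web form.
TAINTED_INPUT = "nobody' OR '1'='1"


def demo() -> dict:
    """Run both versions against the same input and return the rows each one leaks."""
    conn = make_db()
    return {
        "vulnerable, normal input": find_user_vulnerable(conn, "alice"),
        "vulnerable, tainted input": find_user_vulnerable(conn, TAINTED_INPUT),
        "safe, tainted input": find_user_safe(conn, TAINTED_INPUT),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

The vulnerable version returns every row for the tainted input because the quote ends the string literal early and the remainder becomes part of the WHERE clause; the parameterized version looks for a user literally named `nobody' OR '1'='1` and finds none. Input validation and a WAF are useful extra layers, but the placeholder is the control that removes the defect.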
PILLAR 03 · CIA TRIAD
Availability
Availability ensures that information, systems, and services remain accessible to authorized users whenever they need them. It protects against outages — planned or unplanned — through redundancy, fault tolerance, and disaster recovery, because a system that cannot be accessed is a system that cannot be trusted.

PURPOSE

  • Guarantee business continuity and uptime SLAs
  • Protect against disruption from attacks or failures
  • Enable disaster recovery within defined RTO/RPO targets
  • Ensure critical infrastructure remains operational
  • Maintain user productivity and customer trust

IMPLEMENTATION CONTROLS

  • Redundancy: RAID, failover clusters, hot standbys
  • Load Balancing: Distribute traffic across multiple servers
  • Backups: 3-2-1 rule: 3 copies, 2 media, 1 offsite
  • DDoS Protection: CDN, rate limiting, scrubbing centers
  • UPS/Generator: Power continuity for physical infrastructure

📊 Uptime & Downtime

SLAs are defined by the famous "nines" of availability; each tier corresponds to a fixed amount of permitted downtime per year.
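The "nines" are ordinary arithmetic, and the same arithmetic explains why the scenarios below rely on redundancy. The following Python is an added example written for this page (not the page's calculator): it converts an availability percentage into minutes of downtime per year, and goes one step beyond the text by combining components in series (all must work) and in parallel (any one suffices), using standard reliability formulas. The component figures are constructed.

```python
"""Added example: translating the "nines" into downtime, plus how serial and
redundant (parallel) components combine. The formulas are standard reliability
arithmetic; the component figures are constructed for illustration."""
from math import prod

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600, using a 365-day year


def downtime_minutes_per_year(availability_pct: float) -> float:
    """Minutes of downtime permitted per year at the given availability."""
    return (1 - availability_pct / 100) * MINUTES_PER_YEAR


def series_availability(*component_pcts: float) -> float:
    """Components that must ALL work (e.g. network -> server -> database):
    availability is the product, so the chain is weaker than any single link."""
    return 100 * prod(p / 100 for p in component_pcts)


def parallel_availability(*component_pcts: float) -> float:
    """Redundant components where ANY one suffices (active-active failover,
    utility + UPS + generator): the system fails only if all fail at once."""
    return 100 * (1 - prod(1 - p / 100 for p in component_pcts))


def nines_table() -> dict:
    """Downtime per year, in minutes, for the common SLA tiers."""
    return {tier: round(downtime_minutes_per_year(tier), 2)
            for tier in (99.0, 99.9, 99.99, 99.999)}


if __name__ == "__main__":
    for tier, minutes in nines_table().items():
        print(f"{tier}%: {minutes:.2f} minutes/year")
    # Two data centres at 99.9% each, active-active:
    print(f"active-active pair: {parallel_availability(99.9, 99.9):.4f}%")
    # Three power sources at 99% each, any one sufficient:
    print(f"triple-redundant power: {parallel_availability(99.0, 99.0, 99.0):.4f}%")
    # A chain of three 99.99% components that must all work:
    print(f"three-stage chain: {series_availability(99.99, 99.99, 99.99):.4f}%")
```

Two things the numbers make concrete: 99.99% really is about 52 minutes a year and 99.999% about 5, matching the banking and 911 figures below; and two independent 99.9% sites in active-active configuration reach 99.9999%, while chaining three 99.99% components that all must work drops the whole path below 99.99%. Redundancy buys nines; serial dependencies spend them.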

📋 REAL-WORLD SCENARIOS

Banking ATM Network (24/7 financial access requirements)
Banks operate geographically distributed data centers with active-active failover. ATMs connect to multiple networks (primary + cellular backup). Routine maintenance uses rolling updates — never taking all systems offline simultaneously. SLAs typically require 99.99% uptime (52 minutes downtime/year max).

911 Emergency Services (Life-critical system availability)
911 dispatch systems use triple-redundant power (utility + UPS + generators), redundant fiber connections from multiple ISPs, and geographically separated backup call centers. Systems must reach 99.999% uptime (5 nines = ~5 min downtime/year) because any outage can cost lives.

Cloud Services (AWS/Azure/Google multi-region)
Major cloud providers deploy across multiple availability zones and regions. Auto-scaling groups add capacity when load spikes. Content delivery networks (CDNs) cache static content at edge servers globally, reducing origin load. Health checks automatically route traffic away from failed instances.

Power Grid SCADA (Critical infrastructure protection)
Power grid control systems (SCADA/ICS) require extreme availability. They use air-gapped networks to prevent cyber attacks, redundant communication protocols, and manual override capabilities. The Colonial Pipeline ransomware attack (2021) took systems offline for 6 days, causing fuel shortages across the Eastern US.

⚠️ COMMON THREATS TO AVAILABILITY

  • Attackers flood systems with traffic from thousands of compromised machines (botnet), overwhelming servers and making them unavailable to legitimate users. Defense: DDoS mitigation services (Cloudflare, AWS Shield), rate limiting, anycast routing, and traffic scrubbing.
  • Ransomware encrypts critical files and databases, halting operations until ransom is paid or systems are restored. Defense: Offline immutable backups, network segmentation, endpoint detection and response (EDR), and tested incident response plans.
  • Disk failures, power outages, floods, or fires can destroy physical infrastructure. Defense: Geographic redundancy, RAID arrays, UPS/generator backup power, and tested disaster recovery plans with defined RTO/RPO.
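Rate limiting is named above as a flood defence but not shown. The following Python is an added example written for this page, not a product's implementation: a per-client token-bucket limiter, the common shape of rate limiting in reverse proxies and API gateways. The request trace is constructed, and the clock is passed in explicitly so the behaviour is deterministic and testable.

```python
"""Added example: a per-client token-bucket rate limiter of the kind listed as a
flood defence above. Written for this page; the request trace is constructed and
the clock is passed in explicitly so behaviour is deterministic."""


class TokenBucketLimiter:
    """Each client gets a bucket of `capacity` tokens refilled continuously at
    `refill_per_sec`. A request costs one token; an empty bucket means the
    request is rejected (or queued) instead of consuming server resources."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self._buckets: dict = {}  # client -> (tokens, last_update_time)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._buckets.get(client, (float(self.capacity), now))
        # Refill in proportion to elapsed time, never beyond capacity.
        tokens = min(float(self.capacity), tokens + (now - last) * self.refill_per_sec)
        if tokens >= 1.0:
            self._buckets[client] = (tokens - 1.0, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


def replay(trace, capacity: int = 5, refill_per_sec: float = 1.0) -> dict:
    """Run a (timestamp, client) trace through the limiter in time order and
    return per-client (accepted, rejected) counts."""
    limiter = TokenBucketLimiter(capacity, refill_per_sec)
    stats: dict = {}
    for ts, client in sorted(trace):
        accepted = limiter.allow(client, ts)
        a, r = stats.get(client, (0, 0))
        stats[client] = (a + 1, r) if accepted else (a, r + 1)
    return stats


# Constructed trace: "bot" fires 20 requests within the first second,
# "user" sends one request every 2 seconds.
SAMPLE_TRACE = [(i * 0.05, "bot") for i in range(20)] + [(i * 2.0, "user") for i in range(5)]


if __name__ == "__main__":
    for client, (accepted, rejected) in replay(SAMPLE_TRACE).items():
        print(f"{client}: accepted={accepted} rejected={rejected}")
```

With a capacity of 5 and a refill of one token per second, the bursting client gets its first five requests through and the remaining fifteen are rejected, while the slow client is never affected: buckets are per client, so one noisy source cannot spend another's allowance. Against a distributed flood a single-host limiter is only one layer, which is why the text pairs it with anycast routing and scrubbing.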