Domain 1
1.2 Fundamental Security Concepts
Summarize fundamental security concepts.
0% Complete

The CIA Triad is the foundation of information security. Every control protects at least one of its three goals.
1) Confidentiality
Information is accessible only to authorized people or systems.
- Mechanisms → encryption (at rest & in transit), MFA, password policies, ACLs, RBAC, segmentation, VPN, tokenization, data masking
- Attacks → data breaches, packet sniffing, eavesdropping, shoulder surfing, credential theft, phishing
- Example → stolen laptop with AES-256 disk → data unreadable
- Exam keywords → *privacy, secrecy, unauthorized disclosure, sensitive data*
2) Integrity
Information stays accurate, complete, and unchanged without authorization.
- Mechanisms → hashing (SHA-256), digital signatures, checksums, MAC, FIM, version control, immutable logs
- Attacks → unauthorized modification, MITM, log tampering, malware that alters files
- Example → SHA-256 hash on download matches → file unchanged
- Exam keywords → *modified, tampered, altered, verify, checksum, hash*
3) Availability
Services and data are accessible when legitimate users need them.
- Mechanisms → backups, redundancy, failover clustering, RAID, load balancing, DR, HA, UPS, generators, DDoS protection
- Attacks → DDoS, ransomware, hardware failure, power outage, resource exhaustion
- Example → primary server fails → backup takes over with no downtime
- Exam keywords → *uptime, redundancy, failover, accessible, business continuity*
How they work together
An online bank → - Data encrypted → Confidentiality - Transactions hashed/signed → Integrity - Backup servers + load balancing → Availability