1.1.1. The CIA Triad: Security's Universal Framework
💡 First Principle: Every security decision balances three properties: Confidentiality (only authorized users see data), Integrity (data hasn't been tampered with), and Availability (systems work when needed). These properties often conflict—maximizing one may reduce another.
| Property | Question It Answers | Azure Example |
|---|---|---|
| Confidentiality | "Who can see this?" | Encryption, RBAC, Private Endpoints |
| Integrity | "Has this been tampered with?" | Immutable storage, audit logs, checksums |
| Availability | "Can I access this when needed?" | Redundancy, DDoS protection, backup |
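To make the Integrity row concrete, here is an added example, not code from the original guide, of the mechanism behind "audit logs, checksums": a tamper-evident audit log in which each entry carries an HMAC over the previous entry's tag, its sequence number and its event, so that editing, deleting or reordering any entry breaks the chain from that point on. The key, the entry layout and the sample events are assumptions constructed for this example; in a real deployment the key would live in Azure Key Vault and the latest tag would be anchored in immutable storage.

```python
import copy
import hashlib
import hmac
import json

# Assumed signing key for this example only; in a real deployment it is held in
# Azure Key Vault (or the log lands in immutable/WORM storage), never in source.
LOG_KEY = b"example-audit-log-key-do-not-reuse"
GENESIS_TAG = "0" * 64


def _tag(prev_tag: str, seq: int, event: dict) -> str:
    """HMAC-SHA256 over the previous tag, the sequence number and the event.
    Canonical JSON keeps the encoding stable regardless of dict key order."""
    material = json.dumps([prev_tag, seq, event], sort_keys=True,
                          separators=(",", ":")).encode()
    return hmac.new(LOG_KEY, material, hashlib.sha256).hexdigest()


def append_event(log: list, event: dict) -> dict:
    """Append an event, chaining its tag to the previous entry's tag."""
    prev_tag = log[-1]["tag"] if log else GENESIS_TAG
    entry = {"seq": len(log), "event": event, "tag": _tag(prev_tag, len(log), event)}
    log.append(entry)
    return entry


def verify_chain(log: list):
    """Recompute every tag from the genesis value.
    Returns (True, None) if intact, else (False, seq) for the first bad entry."""
    prev_tag = GENESIS_TAG
    for expected_seq, entry in enumerate(log):
        recomputed = _tag(prev_tag, expected_seq, entry["event"])
        if entry["seq"] != expected_seq or not hmac.compare_digest(entry["tag"], recomputed):
            return False, expected_seq
        prev_tag = entry["tag"]
    return True, None


def verify_against_anchor(log: list, anchored_tag: str) -> bool:
    """Chain verification alone cannot detect removal of the newest entries,
    because a shorter chain is still internally consistent. Comparing the last
    tag with a copy anchored elsewhere (e.g. an immutable blob) closes that gap."""
    ok, _ = verify_chain(log)
    last_tag = log[-1]["tag"] if log else GENESIS_TAG
    return ok and hmac.compare_digest(last_tag, anchored_tag)


# Constructed sample events for the demo (not real Azure activity-log records).
SAMPLE_EVENTS = [
    {"actor": "alice@contoso.example", "action": "RoleAssignment.Create", "target": "/subscriptions/demo"},
    {"actor": "bob@contoso.example", "action": "KeyVault.SecretRead", "target": "kv-demo/db-password"},
    {"actor": "bob@contoso.example", "action": "Storage.BlobDelete", "target": "backups/2024-01.bak"},
    {"actor": "alice@contoso.example", "action": "RoleAssignment.Delete", "target": "/subscriptions/demo"},
]


def build_sample_log() -> list:
    log = []
    for event in SAMPLE_EVENTS:
        append_event(log, event)
    return log


def tamper_scenarios() -> dict:
    """Run verification over an intact log and four tampered copies of it."""
    intact = build_sample_log()
    anchor = intact[-1]["tag"]

    edited = copy.deepcopy(intact)
    edited[2]["event"]["action"] = "Storage.BlobRead"   # rewrite history

    deleted = copy.deepcopy(intact)
    del deleted[1]                                       # hide the secret read

    reordered = copy.deepcopy(intact)
    reordered[1], reordered[2] = reordered[2], reordered[1]

    truncated = copy.deepcopy(intact)[:-1]               # drop the newest entry

    return {
        "intact": verify_chain(intact),
        "edited": verify_chain(edited),
        "deleted": verify_chain(deleted),
        "reordered": verify_chain(reordered),
        "truncated_chain_only": verify_chain(truncated),
        "truncated_with_anchor": verify_against_anchor(truncated, anchor),
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name:>22}: {result}")
```

The edited, deleted and reordered copies all fail at the first entry whose recomputed tag no longer matches, which tells an investigator where the record stopped being trustworthy. The truncated copy passes chain verification on its own, which is exactly why the table pairs audit logs with immutable storage: the newest tag has to be anchored somewhere the log writer cannot alter.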
Trade-off Example: Platform-managed encryption at rest (Storage Service Encryption, Transparent Data Encryption) is transparent to queries and costs little, but stronger confidentiality controls are not free. Column-level encryption such as Always Encrypted keeps the plaintext and the keys away from the database engine, so the server can no longer sort, range-filter, or pattern-match on those columns, and queries that relied on doing so must be redesigned (availability and performance). Requiring MFA for every action (confidentiality/integrity) frustrates users, who may create workarounds that weaken security overall. The art is finding the balance that fits your risk profile.
⚠️ Exam Trap: Questions often present scenarios where you must choose between services that optimize for different CIA properties. A service that maximizes confidentiality, such as Always Encrypted, where the column keys stay with the client and even DBAs see only ciphertext, is the wrong choice when the scenario prioritizes availability or rich server-side querying: deterministic encryption permits only equality lookups and joins, randomized encryption permits no server-side operations at all. When the requirement is "encrypt the data at rest without changing how applications query it", TDE is the answer the question is looking for.