2.2.1. CIA Triad and Non-Repudiation
💡 First Principle: The CIA Triad from Phase 1 is your diagnostic framework. Here we add non-repudiation: the guarantee that someone cannot deny having performed an action. Together, these four pillars define what "information security" means. Every security control, every policy, and every architecture decision maps back to protecting one or more of these pillars.
Confidentiality protects information from unauthorized disclosure. Controls: encryption (at rest and in transit), access controls (permissions, ACLs), data classification (labeling sensitivity), physical security (locked server rooms), data masking and tokenization. Violations: data breaches, eavesdropping, shoulder surfing, unauthorized access, accidental disclosure.
Integrity protects information from unauthorized modification. Controls: hashing (verifying data hasn't changed), digital signatures (proving authenticity and integrity together), version control (tracking changes), input validation (preventing injection), checksums for file integrity monitoring. Violations: data tampering, man-in-the-middle attacks, SQL injection, unauthorized configuration changes.
Availability ensures authorized users can access resources when needed. Controls: redundancy (failover clusters, RAID), backups (onsite and offsite), load balancing (distributing traffic across servers), disaster recovery planning, UPS and generator power. Violations: DDoS attacks, ransomware (encrypts data, destroying availability), hardware failures, natural disasters, cable cuts.
Non-repudiation ensures a party cannot deny performing an action. Digital signatures provide non-repudiation: a document signed with your private key proves you signed it because only you possess that key. Tamper-proof audit logs also support non-repudiation by creating undeniable records of actions. Non-repudiation is critical for legal evidence, financial transactions, and regulatory compliance.
Applying the framework: When evaluating any security scenario, ask: "which pillar is at risk?" A DDoS attack threatens availability. A data breach threatens confidentiality. A tampered configuration file threatens integrity. This classification drives the correct response.
⚠️ Exam Trap: Non-repudiation requires asymmetric cryptography (digital signatures). Symmetric encryption cannot provide non-repudiation because both parties share the same key, so either could have created the ciphertext. Look for digital signatures or PKI when a question asks about non-repudiation.
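The following Go program is an added example, not part of this study guide, that makes the integrity and non-repudiation distinctions above concrete using only the Go standard library (crypto/sha256, crypto/hmac, crypto/ed25519). The shared key and messages are constructed sample values. It shows three things: a SHA-256 digest detects modification but identifies nobody; an HMAC under a shared key verifies no matter which of the two key holders produced it, so it cannot give non-repudiation; and an Ed25519 signature verifies only against the public key that matches the private key that signed, so a second party holding only the public key cannot produce one.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest covers the integrity pillar only: any change to the data changes the
// hash, but the hash says nothing about who produced the data.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// HMACTag binds a message to a shared secret. Both parties hold the same key,
// so a valid tag proves "someone with the key" made it, not which party.
func HMACTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// HMACVerify uses a constant-time comparison to avoid timing leaks.
func HMACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(HMACTag(key, msg), tag)
}

// Signer holds an Ed25519 key pair. Only the private key can sign; anyone
// with the public key can verify. That asymmetry is what yields non-repudiation.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

func (s *Signer) Sign(msg []byte) []byte         { return ed25519.Sign(s.priv, msg) }
func (s *Signer) Public() ed25519.PublicKey      { return s.pub }
func VerifySignature(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// DemoNonRepudiation models the exam-trap scenario with two parties, Alice and
// Bob (constructed names). Under a shared HMAC key, Bob can produce a tag that is
// indistinguishable from Alice's. Under Ed25519, Bob, who has only Alice's public
// key, cannot produce a signature that verifies as hers.
// Returns (hmacTagForgeable, signatureForgeable, err).
func DemoNonRepudiation() (bool, bool, error) {
	sharedKey := []byte("constructed-shared-secret") // constructed sample key
	msg := []byte("transfer 100 to Bob")              // constructed sample message

	bobTag := HMACTag(sharedKey, msg) // Bob creates the tag, not Alice
	hmacTagForgeable := HMACVerify(sharedKey, msg, bobTag)

	alice, err := NewSigner()
	if err != nil {
		return false, false, err
	}
	bob, err := NewSigner() // Bob signs with his own private key
	if err != nil {
		return false, false, err
	}
	forged := bob.Sign(msg)
	signatureForgeable := VerifySignature(alice.Public(), msg, forged)
	return hmacTagForgeable, signatureForgeable, nil
}

// TamperDetected covers the integrity pillar: flipping one bit changes the
// digest and invalidates an existing signature over the original message.
func TamperDetected(s *Signer, msg []byte) (digestChanged, sigRejected bool) {
	sig := s.Sign(msg)
	tampered := append([]byte(nil), msg...)
	tampered[0] ^= 0x01
	digestChanged = Digest(msg) != Digest(tampered)
	sigRejected = !VerifySignature(s.Public(), tampered, sig)
	return digestChanged, sigRejected
}

func main() {
	h, s, err := DemoNonRepudiation()
	if err != nil {
		panic(err)
	}
	fmt.Printf("HMAC: other key holder can produce a valid tag: %v\n", h)
	fmt.Printf("Ed25519: non-holder can forge a valid signature: %v\n", s)
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	d, r := TamperDetected(signer, []byte("config: allow_root=false"))
	fmt.Printf("tamper changed digest: %v, signature rejected: %v\n", d, r)
}
```

Run it with `go run main.go`. The first line prints `true` (an HMAC from either key holder verifies, so the tag cannot attribute the message to one party) and the second prints `false` (a signature made with a different private key is rejected), which is the exam-trap point in executable form; the last line shows both the digest and the signature catching a one-bit change.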
