2.2. Fundamental Security Concepts
š” First Principle: This section covers the conceptual foundations every security architecture rests on. Without the CIA Triad as a goal, you don't know what "secure" means. Without AAA, you can't control access. Without Zero Trust, your architecture has blind spots. These aren't abstract theories ā they're the decision frameworks that determine which controls you deploy and where.
What happens when organizations skip fundamentals? They protect the wrong things, grant access to the wrong people, and leave gaps they don't know exist. A company that focuses only on confidentiality might encrypt everything but have no backup strategy ā one ransomware attack and availability collapses. Another company with strong authentication but no accounting has no audit trail when a breach occurs.
Consider every technical control through this lens: which CIA property does it protect? Which AAA function does it serve? Which Zero Trust principle does it enforce? If you can answer instinctively, the exam becomes much easier.
