1.2.1. CIA Triad: Confidentiality, Integrity, Availability + Authenticity and Nonrepudiation
💡 First Principle: Confidentiality, integrity, and availability are in inherent tension. Maximum confidentiality (one person has access) breaks availability. Maximum availability (everyone can access everything immediately) breaks confidentiality. Security design is the art of calibrating these tensions to match the organization's risk tolerance and operational needs.
Confidentiality protects information from unauthorized disclosure. It applies to data at rest, in transit, and in use. The primary tools are encryption (make it unreadable), access controls (limit who can see it), and classification (define who should see it). Confidentiality breaches are the "data breach" events that generate regulatory penalties and news coverage.
Integrity ensures data remains accurate, consistent, and unmodified by unauthorized parties. Integrity can be violated actively (an attacker changes a bank transfer amount) or passively (transmission errors corrupt a file). Primary tools: cryptographic hashes (verify content hasn't changed), digital signatures (verify source and content), and change management (control what changes are authorized). Integrity attacks on critical systems — medical records, financial transactions, industrial controls — can be far more dangerous than confidentiality breaches.
Availability means authorized users can access information and systems when needed. Availability failures range from hardware faults to DDoS attacks to ransomware. The cost of unavailability is often the most immediately quantifiable security cost: every hour of downtime has a dollar figure. Primary tools: redundancy (eliminate single points of failure), backups (restore from a known-good state), and a disaster recovery plan, or DRP (a formal plan to restore service within the recovery time objective, RTO).
Authenticity adds the dimension of provenance: confirming that data or identity claims are genuine, not forged. Digital certificates bind an identity to a public key. Email authentication (SPF, DKIM, DMARC) confirms messages actually came from the claimed domain.
Nonrepudiation closes the accountability loop: ensuring an entity cannot later deny performing an action. Asymmetric cryptography enables this — only your private key could produce your digital signature, so the signature is legally attributable to you.
💡 Key Point: On the CISSP exam, when a question involves proving that a specific person sent a specific message, the answer almost always involves digital signatures (provides both authenticity AND nonrepudiation). Symmetric encryption or MACs provide integrity and authenticity but not nonrepudiation, because multiple parties share the key.
⚠️ Exam Trap: An HMAC (hash-based message authentication code) provides integrity and authentication but NOT nonrepudiation, because both sender and receiver hold the same secret key — either could have generated it. Digital signatures use the sender's unique private key, which is the nonrepudiation mechanism.
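The distinction in the Key Point and Exam Trap above, as an added Python example that is not part of the original guide: with an HMAC, sender and receiver compute identical tags from the shared key, so a tag cannot be attributed to either party; with a signature, only the holder of the private exponent can produce a value that the public exponent verifies. The RSA modulus is built from two constructed small primes (a toy size, not a real key), and the hash-to-integer step stands in for a real padding scheme.

```python
"""Why an HMAC cannot give nonrepudiation but a digital signature can.
Toy illustration: the RSA modulus below is ~37 bits, far too small for real
use; it exists only to make the key asymmetry visible."""
import hashlib
import hmac

# ---- Shared-key MAC: integrity + authenticity, but NO nonrepudiation -------
SHARED_KEY = b"constructed-shared-secret"  # both sender and receiver hold this

def hmac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)

def mac_is_attributable(message: bytes) -> bool:
    """Could a third party tell which key holder made the tag? Never: the
    receiver, holding the same key, computes exactly the sender's tag."""
    sender_tag = hmac_tag(SHARED_KEY, message)
    receiver_tag = hmac_tag(SHARED_KEY, message)  # receiver can produce it too
    return sender_tag != receiver_tag  # always False

# ---- Toy RSA signature: only the private exponent can sign -----------------
_P, _Q = 104729, 1299709           # constructed small primes (NOT secure)
RSA_N = _P * _Q                    # public modulus
RSA_E = 65537                      # public exponent (verifier holds E, N)
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))  # private exponent (signer only)

def _digest_mod_n(message: bytes) -> int:
    # Reduce the SHA-256 output into the toy modulus; real RSA uses a
    # padding scheme (e.g. PSS) here instead of a bare modular reduction.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % RSA_N

def rsa_sign(private_d: int, message: bytes) -> int:
    return pow(_digest_mod_n(message), private_d, RSA_N)

def rsa_verify(public_e: int, message: bytes, signature: int) -> bool:
    return pow(signature, public_e, RSA_N) == _digest_mod_n(message)

def signature_is_attributable(message: bytes) -> bool:
    """The verifier holds only RSA_E and RSA_N. Reusing a valid signature on
    an altered message fails, so a verifying signature implies the private key."""
    sig = rsa_sign(RSA_D, message)
    legit = rsa_verify(RSA_E, message, sig)
    replayed = rsa_verify(RSA_E, message + b" (altered)", sig)
    return legit and not replayed
```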
Reflection Question: A hospital needs to ensure that a doctor's order in the EHR cannot be altered after the fact, AND that the doctor cannot later deny writing the order. Which cryptographic mechanism addresses both requirements simultaneously, and why?