1.2. The Three Pillars of Security Thinking
💡 First Principle: Every information security objective traces back to three core properties — confidentiality (limited access), integrity (trustworthy state), and availability (accessible when needed) — plus two supporting properties for accountability: authenticity (verified identity) and nonrepudiation (undeniable actions). Understanding which pillar is threatened or supported immediately narrows your answer options.
When you encounter any exam scenario, the first analytical question is: Which pillar is at stake? A ransomware attack primarily threatens availability. A data theft attack threatens confidentiality. An invoice manipulation attack threatens integrity. The appropriate controls flow directly from the answer.
| Pillar | Core Question | Primary Threat | Primary Control |
|---|---|---|---|
| Confidentiality | Can only authorized people read this? | Unauthorized disclosure | Encryption, access controls, classification |
| Integrity | Is this data accurate and unaltered? | Unauthorized modification | Hashing, digital signatures, change controls |
| Availability | Can authorized users access this when needed? | Disruption, destruction | Redundancy, backups, DR planning |
| Authenticity | Is this really from who it claims? | Impersonation, spoofing | Digital certificates, MFA |
| Nonrepudiation | Can the sender deny this action? | Repudiation | Digital signatures, audit logs |
⚠️ Common Misconception: Many candidates treat "authentication" and "nonrepudiation" as near-synonyms. Authentication proves identity at a moment in time and can be denied later ("my credentials were stolen"). Nonrepudiation provides cryptographic proof that cannot be repudiated — digital signatures accomplish this because only the private key holder could have produced the signature.
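To make the distinction concrete, here is an added example (not part of the original study guide) that pairs each control from the table with its pillar: a SHA-256 digest for integrity, an HMAC over a shared key for authentication that remains deniable, and an Ed25519 signature for nonrepudiation. The invoice record and the shared secret are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample record for the invoice-manipulation scenario in the text.
const invoice = "INV-1001;payee=ACME Ltd;amount=12500.00;account=PLACEHOLDER"

// Integrity control: a SHA-256 digest detects any change to the record,
// but anyone can recompute it, so it says nothing about who produced it.
func digest(msg string) string {
	sum := sha256.Sum256([]byte(msg))
	return hex.EncodeToString(sum[:])
}

// Authentication with a shared key: the tag proves the sender knew the key, but
// the receiver holds the same key and could have made it, so the sender can deny it.
func hmacTag(key []byte, msg string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return mac.Sum(nil)
}

// Nonrepudiation: only the private key can produce the signature, while
// anyone with the public key can verify it, so the signer cannot deny it.
func sign(priv ed25519.PrivateKey, msg string) []byte {
	return ed25519.Sign(priv, []byte(msg))
}

func sigValid(pub ed25519.PublicKey, msg string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(msg), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	key := []byte("constructed-shared-secret")
	tampered := invoice + ";amount=99999.00" // integrity violation
	fmt.Println("digest changed:", digest(invoice) != digest(tampered))
	fmt.Println("receiver can forge identical tag:", hmac.Equal(hmacTag(key, invoice), hmacTag(key, invoice)))
	sig := sign(priv, invoice)
	fmt.Println("sig valid:", sigValid(pub, invoice, sig), "on tampered:", sigValid(pub, tampered, sig))
}
```

The HMAC check passing on both sides is exactly why a shared-key MAC authenticates but does not provide nonrepudiation: either key holder could have produced the tag.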