Figure 6-1: The C-I-A triad.
Information Security Governance Concepts and Principles
As a CISSP candidate, you must fully understand the three fundamental information security concepts that comprise the C-I-A triad and form the basis of information security (see Figure 6-1):
As with any triangular shape, all three sides depend on each other (think of a three-sided pyramid or a three-legged stool) to form a stable structure. If one piece falls apart, the whole thing falls apart. All other domains within the CISSP Common Body of Knowledge (CBK) are based on these three important concepts.
Where security is concerned, you also need to understand the defense-in-depth concept, how to avoid single points of failure, and how to incorporate these concepts into security planning.
Confidentiality prevents the unauthorized use or disclosure of information, ensuring that only those who are authorized to access information can do so. Privacy is a closely related concept that’s most often associated with personal data. Various U.S. and ...