Is Your DAD or CIA Running Your Business?
Most businesses think they’re secure until they get breached. Is your business following the CIA principles or opening the doors to DAD?
Cybersecurity has become a cornerstone of modern organizations.
Since I’ve decided to pursue a career in cloud security, I decided to strengthen my understanding and build a solid foundation in cybersecurity fundamentals by following the Certified Cloud Security Professional (CCSP) learning path.
This article explores the CIA triad, governance principles, control frameworks, compliance, and the difference between cybersecurity and information security, providing a clear picture of the basics every professional should know.
Information Security Management
At the heart of cybersecurity is information security management, which aligns security efforts with the organization’s requirements for:
Confidentiality – ensuring only authorized entities access information.
Integrity – protecting data from unauthorized modification or destruction.
Availability – making sure systems and data are accessible when needed.
These three pillars form the CIA triad (sometimes referred to as AIC). Security management balances risk against investments, sets oversight mechanisms, and develops policies, standards, procedures, baselines, and guidelines that guide organizational practices.
Cybersecurity vs. Information Security
While often used interchangeably, there is a distinction:
Information Security protects data in all forms—paper, digital, intellectual property, and even verbal or visual communication.
Cybersecurity specifically protects digital assets, including networks, hardware, software, and information processed or stored within networked systems.
In short, information security is the umbrella concept, while cybersecurity focuses on protecting data in the digital domain.
Security Governance and Compliance
Cybersecurity programs are grounded in governance and compliance.
Governance involves management oversight and practices that ensure security objectives are being met.
Compliance ensures adherence to laws, regulations, policies, and standards. This includes regulatory requirements, internal policies, and security baselines designed to protect assets.
Non-compliance or oversight failures can lead to unauthorized disclosure, modification, or destruction of assets, which directly undermines the CIA triad.
The CIA Triad in Detail
Confidentiality
Confidentiality ensures that sensitive data is accessible only to those with proper authorization.
Enforced through least privilege and need-to-know principles.
Supported by encryption, access controls, and privacy protections.
Integrity
Integrity ensures that information remains trustworthy and unaltered.
Achieved through checksums, hashing, digital signatures, and separation of duties.
Protects against improper modifications and ensures authenticity and non-repudiation.
Availability
Availability ensures timely access to information and systems for authorized users.
Achieved through backups, redundancy (RAID), clustering, and disaster recovery plans.
Protects against outages or destruction that could disrupt business continuity.
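The integrity mechanisms listed above (checksums, hashing, keyed authentication) differ in what kind of alteration they actually catch. As an added example, not part of the original article, the Python below uses only the standard library to contrast an unkeyed SHA-256 checksum, which detects accidental corruption but can be recomputed by anyone who can edit the data, with an HMAC-SHA256 tag, which a party without the key cannot forge. The invoice record, the key, and the "tamper" scenario are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample record: a ledger entry whose integrity the business depends on.
RECORD = b"invoice=1042;payee=ACME Supplies;amount=1500.00"


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum.

    Detects accidental corruption (disk errors, truncated transfers), but
    anyone who can change the data can also recompute this value, so it does
    not protect against deliberate alteration.
    """
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, stored: str) -> bool:
    return checksum(data) == stored


def mac(key: bytes, data: bytes) -> str:
    """Keyed HMAC-SHA256 tag: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so timing does not reveal how many tag
    characters matched."""
    return hmac.compare_digest(mac(key, data), tag)


def tampered_record() -> bytes:
    # Constructed alteration: the amount is changed after the record was stored.
    return RECORD.replace(b"1500.00", b"9500.00")


def checksum_survives_forgery() -> bool:
    """Returns True if a modified record plus a recomputed checksum passes
    verification, i.e. the unkeyed checksum did NOT catch the alteration."""
    altered = tampered_record()
    recomputed = checksum(altered)  # no secret needed to produce this
    return verify_checksum(altered, recomputed)


def mac_survives_forgery(real_key: bytes) -> bool:
    """Returns True only if a tag produced without the real key is accepted,
    i.e. the keyed MAC did NOT catch the alteration."""
    altered = tampered_record()
    wrong_key = secrets.token_bytes(32)  # the forger does not hold real_key
    forged_tag = mac(wrong_key, altered)
    return verify_mac(real_key, altered, forged_tag)


def integrity_report() -> dict:
    """Summarise which control catches which kind of change."""
    key = secrets.token_bytes(32)  # constructed key; keep real keys in a KMS/HSM
    stored_tag = mac(key, RECORD)
    return {
        "checksum_catches_corruption": not verify_checksum(tampered_record(), checksum(RECORD)),
        "checksum_catches_forgery": not checksum_survives_forgery(),
        "mac_catches_corruption": not verify_mac(key, tampered_record(), stored_tag),
        "mac_catches_forgery": not mac_survives_forgery(key),
        "mac_accepts_genuine": verify_mac(key, RECORD, stored_tag),
    }


if __name__ == "__main__":
    for control, outcome in integrity_report().items():
        print(f"{control:30s} {outcome}")
```

Running the block shows the unkeyed checksum catching corruption but not a deliberate rewrite, while the HMAC catches both. An HMAC still cannot provide non-repudiation, because every holder of the shared key can create tags; that is the gap a digital signature with a private key closes, which is why the article lists signatures alongside hashing for integrity.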
DAD: The Opposite of CIA
To better understand CIA, consider its opposites, known as DAD:
Disclosure – the opposite of confidentiality.
Alteration – the opposite of integrity.
Destruction – the opposite of availability.
This framework highlights the potential consequences of failing to implement proper security controls.
Cybersecurity as Risk Management
Cybersecurity is not just a technical requirement—it is a business necessity. Like financial or reputational risks, cybersecurity risks can directly impact the bottom line. Organizations evaluate vulnerabilities and threats against the CIA principles and implement controls to maintain security within acceptable levels.
Summary
Cybersecurity basics start with understanding the CIA triad and its role in information security management. By combining governance, compliance, and technical safeguards, organizations can ensure confidentiality, integrity, and availability of their assets.
Confidentiality protects information from unauthorized access.
Integrity ensures data accuracy and authenticity.
Availability keeps systems accessible and reliable.
Ultimately, cybersecurity is risk management, balancing threats with business objectives while ensuring resilience in today’s interconnected world.