Security Concepts — The 5 Pillars
Understand and apply concepts of confidentiality, integrity, availability, authenticity, and nonrepudiation
The CISSP doesn't test three pillars — it tests five. The five pillars of information security are:
Confidentiality — information accessible only to authorized parties
Integrity — data is accurate, complete, and unaltered
Availability — systems and data accessible when needed
Authenticity — verified identity of users, systems, and data origin
Nonrepudiation — inability to deny an action occurred
Most people memorize CIA. The exam tests whether you understand Authenticity ≠ Nonrepudiation. Authenticity proves identity: the user, system or message origin is what it claims to be. Nonrepudiation proves an action happened and binds it to an identified party so they cannot later deny it. Nonrepudiation therefore depends on authenticity, but not the reverse: a password login authenticates you, yet proves nothing to a third party about what you did afterwards. A digital signature provides both, but they're distinct concepts.
At a Fortune 500 with a mature security program, each pillar maps to specific controls:
- Confidentiality — AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, data classification labels
- Integrity — SHA-256 hash verification against a signed or out-of-band baseline (a hash stored beside the data it protects can simply be recomputed by whoever modifies the data), digital signatures on code commits, change management process, database constraints
- Availability — Active-active data centers, load balancers, automated failover, tested DR plan with 4-hour RTO
- Authenticity — PKI certificates for all internal services, MFA for all users, DKIM/SPF on email, code signing
- Nonrepudiation — Centralized audit logging (SIEM), tamper-evident log storage, digital signatures on financial transactions
Notice: each pillar has multiple controls implementing it. No single control covers all five. This is defense in depth applied to the security model itself.
| Pillar | Protects | Broken By | Key Controls |
|---|---|---|---|
| Confidentiality | Unauthorized disclosure | Data breach, eavesdropping, shoulder surfing | Encryption, access controls, classification |
| Integrity | Unauthorized modification | Tampering, malware, SQL injection, bit rot | Hashing, digital signatures, change mgmt |
| Availability | System access when needed | DDoS, ransomware, hardware failure, disaster | Redundancy, failover, backups, load balancing |
| Authenticity | Verified identity of origin | Spoofing, phishing, certificate forgery | PKI, MFA, DKIM/SPF, code signing |
| Nonrepudiation | Proof an action occurred | Log deletion, lack of audit trail, unsigned transactions | Digital signatures, SIEM, tamper-evident logs |
Authenticity vs. Nonrepudiation — the exam's favorite distinction:
Authenticity = "Who are you?" (proves identity)
Nonrepudiation = "You can't deny you did it" (proves action)
A digital signature provides both. MFA provides only authenticity. An audit log supports nonrepudiation only when each entry is tied to an authenticated identity and the log itself is tamper-evident; a log the actor can edit or delete proves nothing.
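Added example, not code from the original page: the three mechanisms the exam keeps contrasting, side by side in Go using only the standard library. A bare SHA-256 digest, an HMAC under a shared key, and an Ed25519 signature are each applied to a constructed payment message and then to a tampered copy, so you can see which pillar each one actually delivers. The message, the shared key and the keypairs are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample message (not real data): a payment instruction whose
// destination an attacker would like to change in transit.
var Message = []byte("transfer 250000 USD from acct 1001 to acct 2002")

// Tamper models the in-transit modification.
func Tamper(data []byte) []byte {
	return bytes.Replace(data, []byte("acct 2002"), []byte("acct 6666"), 1)
}

// Integrity only. A bare digest catches accidental corruption, but anyone who
// can change the data can recompute it, so it says nothing about who produced
// the data or whether they can deny it.
func Digest(data []byte) []byte {
	d := sha256.Sum256(data)
	return d[:]
}

func DigestMatches(data, expected []byte) bool {
	return bytes.Equal(Digest(data), expected)
}

// Integrity + authenticity, no nonrepudiation. An HMAC tag can only be made
// with the shared key, so the receiver knows the message came from a key
// holder. But the receiver holds the key too, so to a third party the tag
// proves nothing about which side produced it: the sender can deny it.
func HMACTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

func HMACValid(key, data, tag []byte) bool {
	return hmac.Equal(HMACTag(key, data), tag)
}

// Integrity + authenticity + nonrepudiation. Only the private key produces a
// valid Ed25519 signature, anyone with the public key can check it, and the
// receiver cannot forge one, so the signer cannot plausibly deny signing.
// None of the three mechanisms encrypts Message: confidentiality is separate.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key, never reuse in practice
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Sign(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

func Verify(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

func main() {
	tampered := Tamper(Message)
	key := []byte("shared-secret-known-to-sender-and-receiver") // constructed

	// Bare hash: the attacker ships a fresh digest with the tampered data.
	fmt.Println("hash | tampered, digest recomputed by attacker:", DigestMatches(tampered, Digest(tampered)))

	// HMAC: an outsider cannot forge a tag, but the receiver can.
	tag := HMACTag(key, Message)
	fmt.Println("hmac | tampered, original tag:              ", HMACValid(key, tampered, tag))
	fmt.Println("hmac | tampered, tag recomputed by receiver:", HMACValid(key, tampered, HMACTag(key, tampered)))

	// Signature: only the sender's private key verifies under the sender's public key.
	pub, priv := NewSigner()
	_, receiverPriv := NewSigner()
	sig := Sign(priv, Message)
	fmt.Println("sig  | original, sender's signature:        ", Verify(pub, Message, sig))
	fmt.Println("sig  | tampered, sender's signature:        ", Verify(pub, tampered, sig))
	fmt.Println("sig  | tampered, signed by receiver's key:  ", Verify(pub, tampered, Sign(receiverPriv, tampered)))
}
```

The line to remember from the output: the HMAC check on the receiver-recomputed tag passes, which is exactly why a MAC cannot give nonrepudiation, while the same attempt against the signature fails because the receiver never had the sender's private key.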
The Ransomware Attack
Regional hospital · 1,200 staff · EHR system encrypted
You're a security analyst at a regional hospital. At 3 AM, ransomware encrypts the EHR system. All five pillars are hit:
- Availability — EHR is encrypted, staff can't access records (most immediately life-threatening)
- Confidentiality — 200GB of patient data exfiltrated before encryption
- Integrity — can you trust data after decryption? Attacker may have modified records
- Authenticity — how did the attacker get in? Compromised credentials mean identity verification failed
- Nonrepudiation — if logs are encrypted too, you can't prove what happened when
Triage by pillar priority: availability first (lives at risk), but availability of patient care, not of the encrypted system, which means invoking downtime procedures rather than rushing a restore. Then integrity (can you trust restored data?). Then confidentiality (the breach notification clock starts once exfiltration is discovered). The 5 pillars aren't just theory; they're your incident response framework.
In practice, hospitals run on paper during outages. Downtime procedures exist for this. The security team focuses on containment and forensics while clinical staff switch to manual processes. The CISO's first call isn't to IT — it's to the incident commander.
On the exam: Availability is the pillar most directly tied to human safety. When lives are at stake, availability trumps confidentiality.
After the ransomware attack, backups are restored. The CFO demands: "Go live now — we're losing $200K/hour." But your integrity checks show 3 database tables have mismatched checksums. The data may have been modified before encryption.
- A Restore and go live immediately. Availability is critical — patients are at risk. Fix integrity issues later once systems are running.
- B Delay restoration until integrity is verified. Corrupted medical records could lead to wrong dosages. Integrity must be confirmed before availability.
Option B is correct — integrity before availability when safety is at stake
Option B: In healthcare, corrupted data is more dangerous than no data. A wrong drug interaction record could kill a patient. Clinicians can use paper-based downtime procedures while integrity is verified — they can't detect silently modified records.
Option A's kernel of truth: Availability matters enormously in healthcare. But "go live with unverified data" isn't restoring availability — it's creating a new, invisible threat. The exam tests whether you understand this distinction.
On the exam: when integrity and availability conflict, ask "what's the consequence of wrong data vs. no data?" In healthcare and finance, integrity usually wins.
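Added example, not part of the original page, of the kind of integrity gate the scenario relies on: per-table SHA-256 digests captured before the incident into a manifest, signed with a key assumed to be held off the EHR hosts, and checked against the restored tables before anyone is allowed to go live. The table contents, the key and the three altered tables are constructed for this example. The signed baseline is the part that matters: an attacker who can alter records on the database host can just as easily rewrite an unsigned checksum file, and a gate that trusts it would wave corrupted data through.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample "tables" standing in for EHR data (no real records).
func BaselineTables() map[string][]byte {
	return map[string][]byte{
		"patients":    []byte("1001,Jane Roe,1970-01-01\n1002,John Doe,1985-06-15\n"),
		"medications": []byte("1001,warfarin,5mg daily\n1002,metformin,500mg bid\n"),
		"allergies":   []byte("1001,penicillin,severe\n"),
		"encounters":  []byte("1001,2024-05-01,ED visit\n"),
	}
}

// RestoredTables is the post-decryption state in this scenario: three tables
// altered before encryption. A tenfold warfarin dose and a deleted allergy
// row are exactly the silent changes a clinician cannot see in the UI.
func RestoredTables() map[string][]byte {
	t := BaselineTables()
	t["medications"] = []byte("1001,warfarin,50mg daily\n1002,metformin,500mg bid\n")
	t["allergies"] = []byte("")
	t["encounters"] = []byte("1001,2024-05-01,ED visit\n1001,2024-05-02,discharged\n")
	return t
}

func tableDigest(rows []byte) string {
	sum := sha256.Sum256(rows)
	return hex.EncodeToString(sum[:])
}

// BuildManifest emits one "table=sha256" line per table, sorted so the bytes
// are deterministic and a signature over them is reproducible.
func BuildManifest(tables map[string][]byte) []byte {
	lines := make([]string, 0, len(tables))
	for name, rows := range tables {
		lines = append(lines, name+"="+tableDigest(rows))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n") + "\n")
}

// SignedBaseline models the pre-incident job: hash every table and sign the
// manifest with a key that never lives on the EHR hosts (assumed here to be an
// offline or HSM-held key; generated in-process only for the example).
func SignedBaseline() (ed25519.PublicKey, []byte, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	manifest := BuildManifest(BaselineTables())
	return pub, manifest, ed25519.Sign(priv, manifest)
}

// Verdict is what the restore gate reports to the incident commander.
type Verdict struct {
	ManifestTrusted bool     // false: the baseline itself is unverifiable, result inconclusive
	Mismatched      []string // tables whose restored content differs from the baseline
	GoLive          bool     // true only when the manifest verifies and nothing mismatches
}

// GateRestore verifies the manifest signature before trusting any digest in it,
// then compares every baseline table with its restored copy (missing = mismatch).
func GateRestore(pub ed25519.PublicKey, manifest, sig []byte, restored map[string][]byte) Verdict {
	v := Verdict{}
	if !ed25519.Verify(pub, manifest, sig) {
		return v
	}
	v.ManifestTrusted = true
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		kv := strings.SplitN(line, "=", 2)
		if len(kv) != 2 {
			continue // blank line; the format is trusted once the signature verifies
		}
		if rows, ok := restored[kv[0]]; !ok || tableDigest(rows) != kv[1] {
			v.Mismatched = append(v.Mismatched, kv[0])
		}
	}
	sort.Strings(v.Mismatched)
	v.GoLive = len(v.Mismatched) == 0
	return v
}

func main() {
	pub, manifest, sig := SignedBaseline()
	fmt.Printf("restored after attack: %+v\n", GateRestore(pub, manifest, sig, RestoredTables()))
	// The attacker also rewrote the checksum file to match, but cannot re-sign it.
	fmt.Printf("forged manifest:       %+v\n", GateRestore(pub, BuildManifest(RestoredTables()), sig, RestoredTables()))
	fmt.Printf("clean restore:         %+v\n", GateRestore(pub, manifest, sig, BaselineTables()))
}
```

The second run in main is the case the CFO's argument overlooks: checksums that "match" mean nothing unless the baseline they are compared against is one the attacker could not have produced. The gate answers the page's question of wrong data versus no data with a named list of tables to re-verify from an older backup or from paper, rather than a blanket go or no-go.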
When you see "proves identity" vs. "proves action": Authenticity = proving who someone is (certificates, MFA). Nonrepudiation = proving someone did something and they can't deny it (digital signatures, audit logs). A digital signature provides both, but the exam tests whether you know the distinction. If the question asks "which prevents denial of sending a message?" — that's nonrepudiation, not authenticity.
- A Confidentiality and availability
- B Integrity, authenticity, and nonrepudiation
- C Confidentiality and integrity
- D Availability and authenticity
Correct: B. A digital signature proves the code wasn't tampered with (integrity), verifies who signed it (authenticity), and the signer can't deny signing it (nonrepudiation). It does NOT encrypt the code (no confidentiality) and has nothing to do with uptime (no availability).