Which of the following does NOT fall under the CIA Triad in information security?

A. Confidentiality
B. Integrity
C. Accessibility
D. Availability

Answer: C

Explanation:

A. Confidentiality

Confidentiality ensures that sensitive information is only disclosed to authorized individuals, entities, or processes.

• The Goal: To prevent unauthorized "reading" of data.

• Common Controls: Encryption (AES, TLS), Access Control Lists (ACLs), and physical locks.

• Threats: Shoulder surfing, social engineering, and man-in-the-middle interception.

B. Integrity

Integrity ensures that information and systems are accurate, complete, and protected from unauthorized modification.  

• The Goal: To prevent unauthorized "writing" or altering of data.

• Common Controls: Hashing (SHA-256), Digital Signatures, and Message Authentication Codes (MACs).

• Threats: Data tampering, unauthorized file changes, and system crashes that corrupt data.

C. Accessibility

While "Accessibility" is a noble goal (ensuring that people with disabilities can use a system), it is not one of the three core pillars of the CIA Triad.

• Why it's the Answer: Accessibility is an administrative or usability requirement. In the CISSP mindset, "Availability" covers the technical requirement that data is reachable, whereas "Accessibility" is a specific subset of user experience that does not define security posture.

D. Availability

Availability ensures that systems, networks, and applications are up and running when authorized users need them.  

• The Goal: To prevent the unauthorized "denial" of service or data.

• Common Controls: RAID, Clustering, Load Balancing, Off-site backups, and DDoS mitigation.

• Threats: Hardware failure, power outages, and Denial of Service (DoS) attacks.