Data Security (KA 5) — CIA Triad in Practice

Confidentiality, Integrity, Availability — and the DMBOK access/classify/encrypt/audit loop.

Overview

Why it matters

Security isn't a layer — it's a property every other KA exhibits or doesn't. DMBOK insists on the CIA triad as the floor, with classification driving control.

Going deeper

The four practical pillars DMBOK consolidates:

  • Classify — every column tagged Public / Internal / Confidential / Restricted, with the tag carried in the catalog so the other three pillars can read it.
  • Control — least-privilege RBAC (roles grant a clearance ceiling) plus ABAC (attributes such as declared purpose gate the most sensitive columns); segregation of duties so no one principal holds conflicting roles.
  • Encrypt — at rest (storage), in transit (TLS), and in use (tokenisation or field-level encryption, so Restricted values stay protected inside applications and query results rather than only on disk and on the wire).
  • Audit — append-only access logs that the people being audited cannot edit, reviewed on a cadence (not just retained).

The classification step is the multiplier. Without it, controls fall back to ‘all tables are equally protected’ — which means under-protected for the restricted ones and over-protected for the public ones.
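The four pillars as one loop, as an added example (this is illustrative code written for this page, not DMBOK's or any vendor's implementation). It assumes a constructed catalog for a `customers` table, constructed roles and principals, a constructed tokenisation key, and HMAC-SHA256 as a stand-in for a real tokenisation service; the hash-chained audit log is there to show what "immutable" has to mean in practice, namely that editing or deleting an entry is detectable.

```python
"""Classification-driven access loop: classify -> control -> encrypt -> audit.

Added illustration, not DMBOK's or any product's code. Catalog, roles, key and
sample row are constructed; tokenisation is HMAC-SHA256 standing in for a vault.
"""
import hashlib
import hmac
import json
from enum import IntEnum


class Level(IntEnum):
    """Ordered classification so a clearance check is a plain integer compare."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


# Classify: every column carries a tag (constructed catalog).
CATALOG = {
    "customers": {
        "customer_id": Level.INTERNAL,
        "country": Level.PUBLIC,
        "email": Level.CONFIDENTIAL,
        "card_pan": Level.RESTRICTED,
        "ssn": Level.RESTRICTED,
    }
}

# Control (RBAC): each role grants a clearance ceiling (constructed roles).
ROLE_CLEARANCE = {
    "analyst": Level.INTERNAL,
    "support": Level.CONFIDENTIAL,
    "fraud_investigator": Level.RESTRICTED,
}

# Segregation of duties: role sets that one principal must never hold together.
SOD_CONFLICTS = {frozenset({"fraud_investigator", "access_approver"})}

# Encrypt in use: assumed per-environment tokenisation key (constructed, not a real secret).
TOKEN_KEY = b"example-tokenisation-key-not-for-production"


class AuditLog:
    """Append-only log in which each entry commits to the previous entry's hash,
    so an edited or removed entry breaks verify()."""

    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"event": event, "prev": prev, "hash": digest})

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expected:
                return False
            prev = e["hash"]
        return True


def tokenise(value: str) -> str:
    """Deterministic token: equal inputs give equal tokens, so joins still work
    on Restricted columns without exposing the value."""
    return "tok_" + hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def clearance(roles) -> Level:
    """RBAC ceiling for a role set, after rejecting segregation-of-duties conflicts."""
    for conflict in SOD_CONFLICTS:
        if conflict <= set(roles):
            raise PermissionError(f"segregation-of-duties violation: {sorted(conflict)}")
    return max((ROLE_CLEARANCE.get(r, Level.PUBLIC) for r in roles), default=Level.PUBLIC)


def query(principal: dict, table: str, columns, row: dict, audit: AuditLog) -> dict:
    """Return the requested columns of one row, enforcing clearance (RBAC), a declared
    purpose for RESTRICTED data (ABAC), tokenising RESTRICTED values unless the
    principal may detokenise, and writing an audit record whatever the outcome."""
    level = clearance(principal["roles"])
    tags = CATALOG[table]
    denied = {c for c in columns if tags[c] > level}
    if principal.get("purpose") != "fraud_review":            # ABAC gate on Restricted
        denied |= {c for c in columns if tags[c] == Level.RESTRICTED}
    result = {}
    for c in columns:
        if c in denied:
            continue
        protect = tags[c] == Level.RESTRICTED and not principal.get("detokenise")
        result[c] = tokenise(row[c]) if protect else row[c]
    audit.append({"user": principal["user"], "table": table, "granted": sorted(result),
                  "denied": sorted(denied), "clearance": level.name})
    return result
```

The point to notice is that `query` never consults the table name to decide anything; every decision keys off the column tag. Change a tag in `CATALOG` and the clearance check, the purpose gate and the tokenisation all follow without touching the control code, which is what "classification is the multiplier" means operationally.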

Analogy

Data security is the layered defence of a museum.

A museum doesn't put the Mona Lisa in the gift shop. It uses a zone strategy: public lobby (low control, anyone walks in), galleries (ticketed, watched), behind-glass exhibits (sensors + alarms), and the conservation vault (named-list access + biometric). Same building, four zones, controls scaled to the asset.

A data platform that treats every table as ‘behind glass’ is the museum that alarms the gift-shop pencils — alert fatigue sets in, and the real exhibits get ignored when an alarm finally matters. Classification is the zone map.

Make it stick

Anchor Data Security (KA 5) — CIA Triad in Practice to something you actually own.

  • Where in your platform does data security (classification, access control, encryption, audit) live today — and who owns it?
  • What is the smallest version of it you could ship next sprint?
  • What's the most likely misuse of it, and how would you spot it in a design review?