Security controls across physical and digital domains typically aim to protect which trio?

Security controls are built around three core properties of information and systems: confidentiality, integrity, and availability. Confidentiality means information is protected from being disclosed to unauthorized people. Integrity ensures information is accurate, complete, and has not been tampered with. Availability guarantees that authorized users can access the data and systems when needed. These three together cover both physical and digital domains—for example, physical access controls protect confidentiality by preventing unauthorized entry, while encryption protects confidentiality in data in transit or at rest; integrity is maintained through checksums, digital signatures, and audit trails; availability is supported by backups, redundancy, and disaster recovery plans. The other options don’t capture the full security focus: accessibility and reliability describe usability and uptime rather than safeguarding information, privacy and anonymity relate more to who can access information, and cost, speed, and efficiency are performance metrics rather than security objectives.