According to the CIA Triad audit tip, every cybersecurity control should map to which objective?

Prepare for the Internal Auditing Standards and Practices - Cybersecurity Test.

Multiple Choice

According to the CIA Triad audit tip, every cybersecurity control should map to which objective?

Explanation:
Every cybersecurity control should map to the protection goals defined by the CIA triad: confidentiality, integrity, and availability. These three objectives represent the essential aims of safeguarding information assets. When you evaluate or design controls, you connect each control to how it preserves one or more of these goals. For example, encryption and access controls bolster confidentiality by restricting who can read data; hashing and digital signatures protect integrity by detecting unauthorized changes; backups, redundancy, and disaster recovery plans support availability by ensuring data and services are accessible when needed. This approach creates a clear, auditable link between risk management and security outcomes, ensuring controls aren’t evaluated only on efficiency or compliance but on how well they protect information. While factors like process efficiency, regulatory reporting, or user satisfaction can be influenced by security, they are not the core objectives of information security according to the CIA triad; the primary focus is maintaining confidentiality, integrity, and availability.

