The Three Safes.
Gary has three safes in his coffee shop. Each one protects something different, and each one fails in a different way. Lose one and you lose a different piece of what matters. Together, they are the foundation of every security decision.
The first safe has a combination lock and a blindfold rule — you can only open it if you know the code, and nobody else can watch. Inside are the secret recipes. Only Gary and his head barista know the combination.
That's Confidentiality — keeping secrets secret. A customer sneaks behind the counter and reads the recipe book → that's a confidentiality breach. The fix? Encryption (the combination lock) and access controls (the blindfold rule).
The second safe has a tamper-evident seal — red wax with Gary's thumbprint. Inside is the accounts ledger. If anyone changes a number, the seal breaks and Gary knows.
That's Integrity — making sure data hasn't been altered. Someone changes "10 bags of beans" to "100 bags" → that's an integrity breach. The fix? Hashing (the wax seal — any change breaks it) and digital signatures (Gary's thumbprint — proves who sealed it).
Gary's thumbprint on the seal means he can't deny he approved the ledger. That's non-repudiation — the digital signature proves both identity and integrity. You can't sign and then say you didn't.
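The wax seal and the thumbprint on Gary's ledger, as an added example that is not part of the original story: a plain hash catches an edit only while the stored seal stays out of the intruder's reach, whereas a keyed seal cannot be re-made without the key. HMAC stands in for the digital signature because it ships with Python; the verifier holds the same key, so unlike a real asymmetric signature it gives no non-repudiation. The key, ledger line and function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample data: the key and ledger line are made up for this example.
GARY_KEY = b"constructed-demo-key"
ORIGINAL = b"beans,10 bags\n"
TAMPERED = b"beans,100 bags\n"

def wax_seal(ledger: bytes) -> str:
    """Plain hash (SHA-256): any change to the ledger changes the digest."""
    return hashlib.sha256(ledger).hexdigest()

def thumbprint(ledger: bytes, key: bytes) -> str:
    """Keyed seal (HMAC-SHA256): cannot be produced without the key."""
    return hmac.new(key, ledger, hashlib.sha256).hexdigest()

def seal_intact(ledger: bytes, stored_seal: str) -> bool:
    return hmac.compare_digest(wax_seal(ledger), stored_seal)

def thumbprint_valid(ledger: bytes, stored_tag: str, key: bytes) -> bool:
    return hmac.compare_digest(thumbprint(ledger, key), stored_tag)

def run_scenarios() -> dict:
    seal = wax_seal(ORIGINAL)
    tag = thumbprint(ORIGINAL, GARY_KEY)
    # Whoever can rewrite the ledger can often rewrite the seal stored beside
    # it, so both cases are modelled: seal left alone, and seal re-made.
    resealed = wax_seal(TAMPERED)
    forged_tag = thumbprint(TAMPERED, b"intruder-does-not-know-the-key")
    return {
        "untouched ledger, original seal": seal_intact(ORIGINAL, seal),
        "edited ledger, original seal": seal_intact(TAMPERED, seal),
        "edited ledger, re-made seal": seal_intact(TAMPERED, resealed),
        "untouched ledger, thumbprint": thumbprint_valid(ORIGINAL, tag, GARY_KEY),
        "edited ledger, original thumbprint": thumbprint_valid(TAMPERED, tag, GARY_KEY),
        "edited ledger, forged thumbprint": thumbprint_valid(TAMPERED, forged_tag, GARY_KEY),
    }

if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:38s} accepted={accepted}")
```

The "edited ledger, re-made seal" row is the one to watch: it is accepted, which is why a bare hash needs either separate protected storage or a key behind it.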
The third safe isn't really a safe — it's the water supply. It doesn't hide anything or prove anything. It just needs to flow. Every day, all day. No water, no coffee, shop shuts.
That's Availability — making sure things are there when you need them. Someone dumps a truckload of gravel into the water main → that's a DDoS (flooding the pipe with rubbish so nothing useful gets through). Ransomware padlocks the stopcock → that's an availability attack. The fix? Redundancy (a second water supply), backups (bottled water), and load balancing (two taps sharing the pressure).
Gary also has a sign-in book at the door. Three questions, every visitor, every time.
"Who are you?" → Authentication (prove your identity). "Are you allowed in the kitchen?" → Authorisation (what can you access). "What did you do while you were here?" → Accounting (logging your actions). That's AAA — the three questions every security system asks.
Ransomware padlocks the shop. That's not theft — it's an availability attack. Every security incident attacks one of three things. Know which one, and you know which safe to fix first.
— Story 06 · CIA Triad