How do you explain the difference between confidentiality, integrity, and availability in IT versus OT contexts?