The three security properties of information are confidentiality, integrity, and availability (CIA). Requirements define the security goals while controls are specific techniques used to meet requirements such as access controls and encryption. A buffer overflow occurs when a program writes more data to a buffer than it can hold, overwriting adjacent memory and potentially allowing code execution by an attacker if they can control the overflow data.