This paper is concerned with the security state estimation and event-triggered control of cyber-physical systems (CPSs) under malicious attack. Aiming at this problem, a finite-time observer is designed to estimate the state of the system successfully. Then, according to the state information, the event-triggered controller is designed through the event-triggered communication. It is proved that the system is uniformly and finally bounded. Finally, the effectiveness of the proposed method is verified by a simulation example.