What is CIA triad?

Introduction

The CIA triad is a concept that comprehensively encompasses the overall security objectives of an organization's infrastructure. Before discussing the CIA triad, let's first define information security. Information security is the set of processes and methodologies employed to protect information and information systems from inappropriate access, use, or modification.

We can summarize security objectives as confidentiality, integrity and availability, which is where the name CIA triad comes from. These three principles are the pillars of information security, and they must work in harmony to successfully implement and maintain information security within a given organization.

Data in information systems may exist in three distinct states: at rest, in use and in motion. Information security must therefore ensure the confidentiality, integrity and availability of data in each of these states.

Confidentiality

Confidentiality is the first principle of the CIA triad. It refers to the concept of protecting data from disclosure to unauthorized users and entities. In other words, confidentiality guarantees that only the intended people are able to access information and resources. Encryption and related techniques ensure the confidentiality of data.

Integrity

Integrity is the second principle of the CIA triad. It refers to the concept of maintaining the accuracy, validity, reliability, and completeness of data and of the systems it resides on. Integrity is mainly concerned with protecting data from unauthorized modification or tampering throughout its lifecycle, and it should always be maintained regardless of the state the data is in. Robust backup systems, hashing functions and digital signatures are some of the techniques employed to ensure the integrity of data.
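As an added illustration of the hashing technique mentioned above (example code written for this page, not part of the original article), the Python block below uses a constructed message and a hypothetical shared key to show why an unkeyed hash on its own does not stop deliberate alteration, whereas a keyed hash (HMAC) makes alteration detectable:

```python
import hashlib
import hmac
import secrets

# Constructed sample record (not from the article): a message whose
# integrity we want to protect while it is stored or transmitted.
ORIGINAL = b"transfer 100.00 from account 1111 to account 2222"
TAMPERED = b"transfer 100.00 from account 1111 to account 9999"

# Hypothetical shared secret known only to the writer and the verifier.
KEY = secrets.token_bytes(32)


def plain_hash(data: bytes) -> str:
    """Unkeyed SHA-256. Detects accidental corruption, but anyone who can
    alter the data can also recompute a matching hash."""
    return hashlib.sha256(data).hexdigest()


def plain_hash_ok(data: bytes, expected: str) -> bool:
    """Check data against a stored unkeyed hash."""
    return hmac.compare_digest(plain_hash(data), expected)


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256). Without the key, no valid tag can be
    produced for altered data, so alteration becomes detectable."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(make_tag(key, data), tag)


def demo() -> dict:
    """Outcomes of four integrity checks on the constructed record."""
    h = plain_hash(ORIGINAL)
    tag = make_tag(KEY, ORIGINAL)
    return {
        # Unkeyed hash: the original passes...
        "hash_original": plain_hash_ok(ORIGINAL, h),
        # ...but altered data also passes once the hash is replaced too.
        "hash_tampered_rehashed": plain_hash_ok(TAMPERED, plain_hash(TAMPERED)),
        # Keyed tag: the original passes, altered data fails.
        "tag_original": verify_tag(KEY, ORIGINAL, tag),
        "tag_tampered": verify_tag(KEY, TAMPERED, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The "hash_tampered_rehashed" check passing is the point: a bare hash stored next to the data gives no protection against an attacker who can rewrite both, which is why integrity controls rely on a key (HMAC) or a private signing key (digital signatures).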

Availability

This is the third and final principle of the CIA triad. The availability leg of the CIA triad focuses on granting subjects timely and uninterrupted access to objects. It is also concerned with preventing issues that may impede access to the infrastructure. Authorized users may be denied access to resources they are entitled to because of denial of service (DoS), ransomware and similar attacks.

To better understand the triad, let's consider another concept that has the opposite effect on our data. These effects can be summarized in an easy-to-remember way as DAD (Disclosure, Alteration, and Destruction). The whole purpose of CIA is to prevent DAD from occurring in our infrastructure.