What is the CIA triad?

In the information security community, the acronym CIA has little to do with the U.S. intelligence agency. It stands for confidentiality, integrity, and availability, a set of principles also known as the CIA triad.

These principles form the foundation of an organization’s security infrastructure. When a breach of any kind occurs, one can assume that one of the three principles has been violated in some way.

A security professional evaluates threats and possible vulnerabilities based on the impact they may have on the confidentiality, integrity, and availability of an organization’s resources. Based on that evaluation, a security team implements security controls to minimize risk within the organization’s environment.

Confidentiality

Confidentiality addresses an organization’s efforts to keep its data private. The key is to control access to the data and ensure that none of that access is unauthorized. In essence, grant access to those who are meant to have access to a specific resource, and deny access to unauthorized parties who attempt to breach the asset.

Integrity

Integrity refers to the quality of being whole or complete. In practice, it means ensuring that the data can be trusted and has not been tampered with in any way; the data must be reliable, valid, and authentic.

Availability

If an asset, such as a system or application, is not accessible, the asset is deemed useless. Availability refers to networks, systems, and applications being up and running. The goal is to make sure that an authorized user is able to access a resource if and when it is needed.
