CIA Triad of Information Security

What Does CIA Triad of Information Security Mean?

Confidentiality, Integrity and Availability (CIA) are the three foundations of information systems security (INFOSEC). The purpose of the CIA Triad is to focus attention on risk, compliance, and information assurance from both internal and external perspectives.

• Confidentiality -- Information and Communication Technology (ICT) systems and data can only be accessed by authorized entities. The Principle of Least Privilege (PoLP) and Zero Trust both support confidentiality.

• Integrity -- Data can be trusted to be accurate and complete while at rest, while in use and while in transit. Key processes that support integrity include confidential computing and encryption.

• Availability -- Data and information systems are always accessible. High availability (HA) is supported by redundancy, predictive analytics and cloud computing.

Techopedia Explains CIA Triad of Information Security

Cybersecurity requires a layered, defense-in-depth strategy that supports confidentiality, integrity and availability. The CIA Triad provides a risk assessment framework that can be used to prioritize goals, purchases and policy.

The pillars of confidentiality, integrity and availability can be used to guide the creation of security controls that limit risk. While all security initiatives should should address each part of the framework, one of the three pillars of the framework might take precedence over another depending on the organization’s purpose.