Posted on

The CIA Triad

The CIA triad is composed of confidentiality, integrity, and availability. Which is the
foundation of the CIA model. The creation of the model can be traced to a 1976 U.S. Air Force-
commissioned study by the RAND Corporation, which emphasized the need to protect data
from unauthorized access (Turn & Ware, 1976). This principle ensures that sensitive information
is only accessible to authorized individuals, using methods like encryption and access controls.
The I of CIA is the concept of integrity. Focusing on the accuracy and trustworthiness of data, it
was featured in a 1987 paper by Clark and Wilson. They highlighted that commercial computing
requires a focus on preventing unauthorized data modification to maintain correctness (Clark &
Wilson, 1987). Integrity is maintained through mechanisms like file permissions and digital
signatures. The principle of availability came about the 1988 Morris Worm incident. Which
caused widespread internet disruptions, exposed the critical need for reliable and timely access
to information for authorized users (Federal Bureau of Investigation, 2018). Within this
framework, two critical concepts are authentication and authorization. Authentication is the
process of verifying a user’s identity. Authorization, which follows successful authentication
which determines what resources an authenticated user. A common analogy is airport security
showing a government-issued ID is authentication. While the boarding pass grants authorization
to board a specific flight. Understanding these concepts is fundamental to implementing a
robust security posture.


Clark, D. D., & Wilson, D. R. (1987). A Comparison of Commercial and Military Computer
Security Policies. Proceedings of the 1987 IEEE Symposium on Security and Privacy, 184-194.
Federal Bureau of Investigation. (2018, November 2). The Morris Worm: 30 Years Since First
Major Attack on the Internet. FBI. Retrieved February 16, 2026,
from https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-
internet-110218
Turn, R., & Ware, W. H. (1976). Privacy and Security Issues in Information Systems. RAND
Corporation. https://www.rand.org/pubs/papers/P5684.html

Leave a Reply

Your email address will not be published. Required fields are marked *