The CIA Triad | Benjamin

Benjamin Rivera Medina
Professor Bowman
CYSE 200T
February 19, 2026
CIA Triad

The CIA triad are the three primary objectives for cybersecurity professionals. This triad was developed to create a clear concise framework for what cybersecurity professionals should focus on. The CIA triad’s core objectives of confidentiality, integrity, and availability ensure safety and security of data and company assets.

Confidentiality is the first part of the triad, which involves ensuring data is only received and accessed by the intended recipient. Threat actors are constantly attempting to gain unauthorized access to sensitive data. This can include information such as social security numbers, credit card information, and bank information. As Chai states, “confidentiality measures are designed to ensure privacy and prevent sensitive information from unauthorized access attempts” (Chai, 2022). In addition, authentication is a process that can aid in maintaining confidentiality. Authentication is the process of proving who you are using proof such as a password, biometrics, or identification card. This is different from authorization which is access that you are given based on who you are.

Integrity ensures that data is not tampered or altered, and that data is trustworthy. Threat actors may attempt to alter data using methods such as replay attacks or man in the middle attacks to gain unauthorized access. Integrity is important because all security revolves around data being trustworthy. Without integrity, cybersecurity professionals cannot trust anything on the network. Security tools such as hashing, digital certificates, and file integrity monitoring can assist in maintaining integrity of data (Chai, 2022).

Availability is ensuring that all systems are on and available for use and operation. Threat actors can use various attack methods such as DDoS and ransomware to prevent organizations from using their systems. This is extremely important objective because without availability, organizations lose business and profit for each second, they cannot operate. Having redundant systems, recovery plans, and backout plans can help bring back systems online in case of an incident. Confidentiality, integrity, and availability are vital for ensuring security and privacy of sensitive data and company assets.