The CIA Triad

The CIA Triad is a (now) foundational concept that Information Security professionals use and implement in their work. It is described as a "three-legged stool" or "three values": Confidentiality, Integrity, and Availability. These three equally fundamental concepts appeared gradually over time rather than having defined direct "roots" or "origins", because they are ideas that formed from years of wisdom. Early mentions of the triad date back to a blog post, and it eventually became a foundational concept by 1998. This means that Information Security professionals have used these core values in their work for more than two decades. Let's break down each of the three concepts individually.

Confidentiality restricts access to those who need it and no others. An example of this would be some form of two-factor authentication. Information that is kept confidential stays protected until the user who needs to access it passes security checks, such as providing a PIN or password in addition to biometric data or a physical ID card of some sort.

Availability allows users or authorized individuals to access the information they need. For example, an ATM provides availability: users can access their information by providing their credentials, even when the bank branch might be closed.

Integrity means that data is kept as is: it cannot be altered or modified, either accidentally or on purpose. An example of integrity would be accessing a person's online bill payment for their motor vehicle or mortgage digitally. The information cannot be changed, only updated.

In information security, there are two additional concepts that are crucial to a professional’s work, which are authentication and authorization.

Authorization determines who has the right to access certain data or information. Most files have permissions enforced on them so that their data can only be accessed by the creator of the file or some kind of admin. This ensures that sensitive content cannot be compromised by someone who is trying to access the files with malicious intent, i.e., a hacker.
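The file-permission idea above, as an added example that is not part of the original post: a Python sketch that lists the files in a directory tree that anyone other than the owner can access, then removes that access. It assumes a POSIX system; the file names, modes and function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Permission bits that grant access to anyone other than the file's owner.
NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO
LABELS = [("group:r", stat.S_IRGRP), ("group:w", stat.S_IWGRP), ("group:x", stat.S_IXGRP),
          ("other:r", stat.S_IROTH), ("other:w", stat.S_IWOTH), ("other:x", stat.S_IXOTH)]

def non_owner_access(mode):
    """Return labels for every group/other permission bit set in mode."""
    return [label for label, bit in LABELS if mode & bit]

def audit_tree(root):
    """Map each regular file under root that non-owners can access to what they can do."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and non_owner_access(st.st_mode):
                findings[os.path.relpath(path, root)] = non_owner_access(st.st_mode)
    return findings

def restrict_to_owner(path):
    """Clear all group/other bits and leave the owner's bits unchanged."""
    os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) & ~NON_OWNER_BITS)

def build_sample_tree(root):
    """Create constructed sample files with different modes (names are made up)."""
    for name, mode in {"payroll.csv": 0o644, "notes.txt": 0o600, "backup.key": 0o666}.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # explicit chmod, so the result does not depend on umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, granted in sorted(audit_tree(root).items()):
            print(f"{rel}: accessible beyond owner ({', '.join(granted)})")
            restrict_to_owner(os.path.join(root, rel))
        print("remaining findings after fix:", audit_tree(root))
```

An admin (root) can still read these files after the fix, which matches the "creator of the file, or some kind of admin" rule described above.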

Authentication is an "umbrella" term that covers all of the processes that verify the user is who they say they are when trying to access data or files. Methods of establishing identity include biometrics, key cards, security tokens, etc.

To summarize, the CIA Triad is a valuable concept in Information Security that has helped shape the broad field of Cybersecurity. These core concepts date back more than two decades, and professionals use them in their work to do their jobs effectively and keep the public safe from various cyber threats.
