CIA Triad

The CIA Triad is an information security model that was first properly established in 1998, although it started forming as early as 1976. This model helps cybersecurity workers determine which factors matter most in a system, and what they should do to successfully implement the model's three core concepts. The CIA Triad doesn’t belong to the Central Security Agency; in fact, the Triad belongs to no one group or person. "CIA" is an acronym for the three main components of the model: confidentiality, integrity and availability.

The first component of the CIA Triad is confidentiality. Confidentiality is the idea that only specific individuals should have the ability to access or change specific information. This is important because without it, websites would be wide open to hacking and data breaches, which could cost the organization a great deal of money. The cost of cyber crime is only increasing: “From 2016 to 2017, it rose by 23% to $11.7 million per company.” (The True Cost of Cybercrime, 2021). That is why confidentiality is so important. The two big parts of confidentiality are authentication and authorization. Authentication determines whether the user is who they claim to be, and includes things like passwords and biometrics. Authorization determines what information each person should be able to access or alter. For example, a CEO should have more access to the information in a system than a low-level employee.

The second component of the CIA Triad is integrity. Integrity is the concept that information should be protected from alteration by anyone who isn’t authorized to change it. This keeps the information trustworthy and allows the organization to make better use of its data, knowing it is accurate. The systems that are implemented for the first factor, confidentiality, also help with integrity. The main ways to maintain integrity specifically are systems that detect and fix unauthorized changes, such as data checksums and routine backups. Systems like encryption and user access control also help ensure data integrity.
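The detect-and-fix idea above can be shown in a short script. This is an added example, not part of the original essay: it records SHA-256 checksums of a known-good state, then compares the live files against them and restores any mismatch from a backup copy. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(data_dir: Path) -> dict:
    """Record a known-good checksum for every file under data_dir."""
    return {str(p.relative_to(data_dir)): sha256_of(p)
            for p in sorted(data_dir.rglob("*")) if p.is_file()}


def verify_and_restore(data_dir: Path, backup_dir: Path, manifest: dict) -> dict:
    """Return {file: "ok" | "restored" | "unrecoverable"} for each manifest entry."""
    report = {}
    for rel, expected in manifest.items():
        live, backup = data_dir / rel, backup_dir / rel
        if live.is_file() and sha256_of(live) == expected:
            report[rel] = "ok"
        # Trust the backup only if it still matches the known-good checksum.
        elif backup.is_file() and sha256_of(backup) == expected:
            shutil.copy2(backup, live)
            report[rel] = "restored"
        else:
            report[rel] = "unrecoverable"
    return report


def demo() -> dict:
    """Constructed sample data: one file altered, one deleted with a bad backup."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        data.mkdir()
        for name, text in [("payroll.csv", "a,5000\n"), ("users.txt", "bob\n"), ("notes.txt", "q3\n")]:
            (data / name).write_text(text)
        manifest = build_manifest(data)                # known-good state
        shutil.copytree(data, backup)                  # routine backup
        (data / "payroll.csv").write_text("a,9000\n")  # unauthorized change
        (data / "notes.txt").unlink()                  # file deleted
        (backup / "notes.txt").write_text("bad\n")     # backup damaged too
        return verify_and_restore(data, backup, manifest)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the manifest, so the checksums should be stored somewhere the people and processes that can write the data cannot also write.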

The third and final component of the CIA Triad is availability. Availability is the concept that the data should be available to those who are authorized to view or alter it. Data availability is very important to keeping an organization up and running, but it also presents risks. According to Smart Eye Technology, “Your information is more vulnerable to data availability threats than the other two components in the CIA model” (“Confidentiality, Integrity, & Availability”, 2020). The fact that availability is the largest weakness means that it must be focused on even more. This comes into conflict with the other concepts of the Triad, but availability must be taken into account for an organization to succeed. This forces an organization to reach a balance, keeping data both accessible and safe. Some ways that organizations can increase availability are keeping hardware updated and having off-site backups. Some issues that occur due to poor implementation of availability are hardware failure, DoS attacks and human error, which are all major issues for organizations.

In conclusion, the main factors of the CIA Triad, Confidentiality, Integrity, and Availability, are all very important to the success of an organization. They all must be taken into consideration and balanced with each other. If one of these factors is weaker than the other two, vulnerabilities are sure to be found in that company’s cybersecurity. This model has many different interpretations, allowing it to be a robust system that is usable in many computer systems. With the guidance of the CIA Triad, cybersecurity systems become much stronger and more secure, helping organizations stay safe from cyber crime.

Smart Eye Technology. (2021, June 2). Confidentiality, integrity, & availability: Basics of information security. Smart Eye Technology. Retrieved September 21, 2021, from https://smarteyetechnology.com/confidentiality-integrity-availability-basics-of-information-security/. 

Admin, A. (2021, June 4). The true cost of cybercrime for companies. Kiuwan. Retrieved September 21, 2021, from https://www.kiuwan.com/the-true-cost-of-cybercrime-for-companies/. 

Fruhlinger, J. (2020, February 10). The CIA Triad: Definition, components and examples. CSO Online. Retrieved September 21, 2021, from https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html.
