The CIA triad is another framework, similar to the NIST framework, that defines what information security needs to provide for an organization. According to the article, the triad “can guide an organization’s efforts and policies aimed at keeping its data secure” (Fruhlinger, 2020, p.1). I thought the CIA triad would have something to do with the Central Intelligence Agency, but the article proved me wrong. The CIA triad names the three principles that are used to judge whether a security policy is a good fit for an organization (Fruhlinger, 2020, p.1). The three principles are confidentiality, integrity, and availability. The article then describes each principle in detail and provides examples of each for clarity.
The first principle is confidentiality, which is what the “C” stands for. In simple terms, confidentiality means keeping something secret from other people. Confidentiality is defined as “only authorized users and processes should be able to access or modify secure data” (Fruhlinger, 2020, p.1). This branches out into the “two A’s” of information security: authorization and authentication. Authorization determines who has the right to access which data, while authentication checks that the person accessing the data really is who they claim to be (Fruhlinger, 2020, p.1). For example, a businesswoman at work may log into her company’s computer system using her password, and that password may be followed by security questions. Once she is logged in she tries to access her boss’ files but gets rejected and logged out of the system. The security questions after the password are an example of authentication, checking to make sure it is really the businesswoman logging in. Her being rejected and logged out happens because she was not authorized to see her boss’ files, so the security system kept her from seeing them.
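The businesswoman scenario above separates two decisions: authentication (is this really her?) and authorization (may she read that file?). The following is an added example, not code from the article or from Fruhlinger, that plays the same scenario through in Python. The user directory, file store, passwords and security-question answers are all constructed for the example; the two-factor check uses salted PBKDF2 hashes and constant-time comparison so that the stored secrets are not recoverable from the directory.

```python
import hashlib
import hmac
import os

# Constructed user directory for the example: each entry holds a salted hash of
# the password, a salted hash of the security-question answer, and the set of
# file owners whose files this user is allowed to read.
def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _make_user(password: str, answer: str, can_read: set) -> dict:
    pw_salt, q_salt = os.urandom(16), os.urandom(16)
    return {
        "pw_salt": pw_salt, "pw_hash": _hash(password, pw_salt),
        "q_salt": q_salt, "q_hash": _hash(answer.strip().lower(), q_salt),
        "can_read": can_read,
    }

USERS = {
    "alice": _make_user("correct horse battery", "rover", {"alice"}),
    "boss": _make_user("manager-pass-123", "fluffy", {"boss", "alice"}),
}

# Constructed file store: path -> owner of the file.
FILES = {
    "/home/alice/report.docx": "alice",
    "/home/boss/salaries.xlsx": "boss",
}

def authenticate(username: str, password: str, answer: str) -> bool:
    """Authentication: is this really the claimed user? Both factors must match."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown accounts so response time does
        # not reveal which usernames exist.
        _hash(password, b"\0" * 16)
        return False
    pw_ok = hmac.compare_digest(_hash(password, user["pw_salt"]), user["pw_hash"])
    q_ok = hmac.compare_digest(_hash(answer.strip().lower(), user["q_salt"]), user["q_hash"])
    return pw_ok and q_ok

def authorize(username: str, path: str) -> bool:
    """Authorization: may this already-authenticated user read this file?"""
    owner = FILES.get(path)
    return owner is not None and owner in USERS[username]["can_read"]

def open_file(username: str, password: str, answer: str, path: str) -> str:
    """The login-then-access flow from the scenario: authenticate first, then authorize."""
    if not authenticate(username, password, answer):
        return "denied: authentication failed"
    if not authorize(username, path):
        # The businesswoman's case: she proved who she is, but this file is not hers.
        return "denied: not authorized (session ended)"
    return f"ok: {path}"

if __name__ == "__main__":
    print(open_file("alice", "correct horse battery", "Rover", "/home/alice/report.docx"))
    print(open_file("alice", "correct horse battery", "Rover", "/home/boss/salaries.xlsx"))
```

Note that the two checks fail differently: a wrong password or answer is an authentication failure, while a correct login against someone else's file is an authorization failure. Keeping them separate is what lets the system both confirm identity and still refuse access.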
The next principle in the triad, “I”, stands for integrity. Fruhlinger defines integrity as “data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously” (2020). This means that no one who isn’t authorized (as an editor or administrator would be) can tamper with secured data, which shouldn’t be touched unless advised to. This also keeps security policies stable, since constant changes can confuse employees who are used to certain security measures. An example of keeping data integrity intact would be how my iPhone does iCloud backups of the data on my phone, so if I were to get hacked the information would be stored in an extra place for safety.
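Fruhlinger's definition covers both accidental and malicious modification, and a practical way to enforce it is to seal each record with a keyed tag when it is written and refuse to use the record if the tag no longer matches. The example below is added here and is not code from the article; the HR record, the key and the corruption helper are constructed for illustration. It uses HMAC-SHA256 so that a single flipped bit (accidental corruption) and an edited field (deliberate tampering) are both detected, and so that someone without the key cannot produce a valid tag for altered data.

```python
import hashlib
import hmac
import json

# Constructed key shared by whatever writes the record and whatever later reads
# it. A real deployment would keep this in a key store, never in source code.
INTEGRITY_KEY = b"example-integrity-key-not-for-production"

def canonical(record: dict) -> bytes:
    """Serialize deterministically so equal content always gives equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def seal_bytes(data: bytes, key: bytes = INTEGRITY_KEY) -> str:
    """Tag raw bytes with HMAC-SHA256; only holders of the key can make a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_bytes(data: bytes, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag and compare in constant time; any changed bit fails."""
    return hmac.compare_digest(seal_bytes(data, key), tag)

def seal(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Seal a structured record at the moment it is stored."""
    return seal_bytes(canonical(record), key)

def verify(record: dict, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """Check a structured record against the tag stored alongside it."""
    return verify_bytes(canonical(record), tag, key)

def corrupt_one_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate accidental corruption (a disk or transfer error) by flipping one bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def load_record(stored: dict, key: bytes = INTEGRITY_KEY):
    """Return the record only if its tag still matches; otherwise reject it (None)."""
    if not verify(stored["record"], stored["tag"], key):
        return None
    return stored["record"]

# Constructed sample: an HR record sealed when it was written.
SAMPLE_RECORD = {"employee": "alice", "salary_band": 3, "manager": "boss"}
SAMPLE_TAG = seal(SAMPLE_RECORD)

if __name__ == "__main__":
    print("untouched:", load_record({"record": SAMPLE_RECORD, "tag": SAMPLE_TAG}))
    edited = dict(SAMPLE_RECORD, salary_band=9)
    print("edited:", load_record({"record": edited, "tag": SAMPLE_TAG}))
```

A plain checksum would catch the accidental case but not the malicious one, because an attacker who can edit the record can recompute an unkeyed checksum too; the key is what turns detection of corruption into detection of improper modification.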
The last principle of the triad, “A”, stands for availability. Availability is defined as “authorized users should be able to access data whenever they need to do so” (Fruhlinger, 2020, p.1). This means that when an employee at a company needs to review documents about the dress code, those documents are made accessible in a dedicated section of the company’s manual. An example of implementing availability together with the other principles of the triad is making a dress code document available to all users in a company while also checking the systems to make sure that those who need to view the dress code can do so and are doing so. The triad as a whole is a good framework for checking whether an organization is following the security policies expected of its systems. Fruhlinger even says “the triad isn’t a matter of buying certain tools; the triad is a way of thinking, planning, and setting priorities” (2020). By following the CIA triad, the information security organizations that help companies keep their data secure have a simple formula for protecting it.