The CIA Triad

When someone first hears CIA, usually the first thing that comes to mind is the Central Intelligence Agency, but within the cybersecurity field it means something completely different. CIA stands for Confidentiality, Integrity, and Availability. The triad serves as the set of objectives of information security. Although there is no clear creator of the triad, it was a well-established concept by 1998, when Donn Parker mentioned it in his book Fighting Computer Crime (Fruhlinger, 2020, p. 2). But what does each part of the triad actually mean?

Confidentiality
To start off the triad, we have confidentiality. Confidentiality means that data is exposed only to those allowed to see it. Confidentiality can be further explained with the two A's: Authentication and Authorization. Authentication is the process by which a system makes sure something or someone is genuine; in other words, making sure you are you. Some examples of authentication include passwords/PINs, tokens, biometrics, or even multi-factor authentication. Then we have authorization, which determines who can and who can't access data. An example of authorization is when an executive is able to access certain files, but a regular employee isn't.

Integrity
Next up we have integrity. Integrity means that data is modified only by those authorized to do so. This is so that the data can be trusted: it wasn't modified by anyone who wasn't supposed to modify it. Integrity can be maintained in the same ways as confidentiality, because the two go hand in hand. Integrity can also be maintained with hashing or data checksums.
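
The hashing idea above, carried one step further as an added example (not part of the original article): a plain SHA-256 digest shows that data changed, but only a keyed hash (HMAC, which the article does not mention) ties a valid check value to someone holding the key. The key and record contents are constructed sample values.

```python
import hashlib
import hmac


def sha256_digest(data: bytes) -> str:
    """Plain hash: anyone can recompute it, so it only proves integrity
    while the stored digest is kept out of the modifier's reach."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(sha256_digest(data), expected)


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), expected)


# Constructed sample values, for illustration only
KEY = b"constructed-demo-key-not-for-real-use"
ORIGINAL = b"pay 100.00 to account 1234"
MODIFIED = b"pay 900.00 to account 1234"


def demo() -> dict:
    stored_digest = sha256_digest(ORIGINAL)
    stored_tag = hmac_tag(KEY, ORIGINAL)
    # An unauthorized change where the stored check values are replaced too.
    # The digest can be recomputed by anyone; the tag needs the real key.
    replaced_digest = sha256_digest(MODIFIED)
    replaced_tag = hmac_tag(b"not-the-real-key", MODIFIED)
    return {
        "unchanged_data_passes": verify_digest(ORIGINAL, stored_digest)
        and verify_tag(KEY, ORIGINAL, stored_tag),
        "change_detected_by_digest": not verify_digest(MODIFIED, stored_digest),
        "replaced_digest_goes_unnoticed": verify_digest(MODIFIED, replaced_digest),
        "replaced_tag_is_rejected": not verify_tag(KEY, MODIFIED, replaced_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```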

Availability
Finally, we have availability. Availability means that data is available to those who need it, when they need it. To maintain availability, systems should be kept up to date and be able to handle their workload. DoS attacks are an example of a loss of availability in a system.

Conclusion
As stated before, the CIA triad is an important part of information security. It provides systems with a guide for overall security policies and frameworks. "Implementing the triad isn't a matter of buying tools; the triad is a way of thinking, planning, and, perhaps most importantly, setting Industry standard cybersecurity frameworks".


References
Dictionary.com, LLC. (1995). Dictionary.com. Retrieved March 18, 2022, from https://www.dictionary.com/
Fruhlinger, J. (2020). The CIA triad: Definition, components and examples. IDG Communications, Inc.