The C.I.A. Triad: A Synopsis
Nicholas T. Martin
Department of Cybersecurity: Old Dominion University
CYSE-200: Cybersecurity, Technology, and Society
Professor Skip Hiser
2/15/2026
BLUF: The C.I.A. Triad is an acronym which describes the foundational concepts of a
functional and secure system. The meaning of the acronym is: confidentiality, integrity, and
availability. This document will serve as a primer to those concepts, as well as introduce the
terms authentication and authorization.
Background
According to Wesley Chai’s article, What is the CIA Triad? Definition, Explanation,
Examples, there is no single origin of the C.I.A. Triad. Rather, it was a gradual evolution of
security practices developed following the adoption of informational and digital infrastructures.
It is believed that the United States Air Force first established confidentiality as a security
standard in 1976, with further developments in 1987 and 1988 until being first defined as we
know it now in 1998 (Chai, 2022). Since then, the C.I.A. Triad has become largely accepted as
the core principles by which information and data security methodologies are formed.
Definitions
▪ Confidentiality – In short, confidentiality can be summed up as data privacy. That is, the
act of restricting unauthorized users from accessing secure networks. Some key examples
of this are authorization and authentication, which will be defined later in this document.
▪ Integrity – This concept promotes the preservation of information and/or data in storage
as well as in communication. This means that no data shall be omitted, altered, or
misrepresented by unauthorized users. An example of this in practice is digital signatures,
where various forms of digital communications are signed by the original author to
ensure the integrity of the information sent.
▪ Availability – Secure networks and digital data are as important as they are accessible to
authorized users. Certain kinds of cyber-attacks, namely ransomware, are employed by
malicious actors to lock authorized users out of their systems and hold the data ransom in
exchange for monetary gain. With effective confidentiality practices, a system can be
protected from these forms of malicious software and prevented from being compromised
(Chai, 2022).
▪ Authentication – This term describes the process of verifying the identity of a user and
determining whether they are authorized to access any given system. Examples of this are
passwords and biometrics which are personalized and unique to each authorized user.
▪ Authorization – Typically following authentication, authorization processes determine
what functions and aspects of a system authorized users can access. A common example
of this is role-based access control (RBAC), a system configuration that assigns specific
roles to each user, granting them only the access to a system they require
(frontegg, 2024).
Authentication and Authorization
As noted above, authentication and authorization are often employed together to secure a
system. The process of authentication verifies a user, and authorization determines how said user
can interface with a system. Both procedures are employed to ensure the confidentiality of a
system by allowing only authorized users to gain access and to utilize that system in only
approved ways (frontegg, 2024).
Conclusion
No single concept of the C.I.A. Triad is more important than another. Instead, all three
are equally vital in ensuring the functionality and security of a system. For instance, overly
stringent confidentiality practices often damage availability, and inversely, neglected
confidentiality practices allow too much availability and threaten the integrity of data and
information. All three must be cultivated and tailored to specific systems so that authorized users
are able to productively utilize a system while also safeguarding the system from unauthorized
users. Though not a part of the C.I.A. Triad, authentication and authorization are widely accepted
and utilized in the information and cyber security industry as general practices to ensure
confidentiality.
References
Authentication vs Authorization: Similarities and 5 Key Differences. (2024, August 19).
frontegg. https://frontegg.com/blog/authentication-vs-authorization
Chai, Wesley. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples.
TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on