The CIA triad consists of confidentiality, integrity, and availability. Together they form the fundamental model used to develop and evaluate information security policies within an organization. Each part of the triad addresses a critical aspect of protecting digital assets.
Confidentiality is about limiting data access. By limited data access I mean that people are given access only if they have the authority for it. This protects sensitive information from unauthorized disclosure, so that people without authorization do not get the information. It is achieved by using strong passwords, two-factor authentication, encryption, biometric verification, and, finally, by training employees to defend against threats like social engineering.
Integrity makes sure the data is accurate, consistent, and trustworthy throughout its lifecycle. The measures include access control, file permissions, version control, checksums, and digital signatures. They help prevent unauthorized or accidental changes, and they allow data to be recovered if it is corrupted, attacked, or affected by a system failure.
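The integrity measures above can be seen working together in a small example, which is added here and is not part of the original text. It shows a per-file checksum catching an accidental change and driving recovery from a backup, and a keyed tag over the checksum list catching a change where the stored checksum was rewritten to match. HMAC stands in for a digital signature because the Python standard library has no asymmetric signing; the file names, key, and helper names are all constructed for illustration.

```python
import hashlib
import hmac

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _tag(sums: dict, key: bytes) -> str:
    # Keyed tag over the sorted "name checksum" lines; cannot be recomputed without the key.
    body = "\n".join(f"{n} {h}" for n, h in sorted(sums.items())).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(files: dict, key: bytes) -> dict:
    sums = {name: _sha256(data) for name, data in files.items()}
    return {"sums": sums, "tag": _tag(sums, key)}

def verify(files: dict, manifest: dict, key: bytes):
    """Return (manifest_trusted, names whose content is missing or no longer matches)."""
    trusted = hmac.compare_digest(_tag(manifest["sums"], key), manifest["tag"])
    changed = sorted(n for n, h in manifest["sums"].items()
                     if n not in files or _sha256(files[n]) != h)
    return trusted, changed

def restore(files: dict, backup: dict, changed: list) -> None:
    # Recovery step: replace each changed file with its backup copy.
    for name in changed:
        files[name] = backup[name]

# Constructed sample data (hypothetical file names, contents, and key).
KEY = b"constructed-demo-key"
BACKUP = {"payroll.csv": b"alice,5000\nbob,4200\n", "policy.txt": b"v3 approved\n"}

def demo():
    live = dict(BACKUP)
    manifest = build_manifest(live, KEY)
    # Case 1: accidental corruption is flagged by the checksum, then repaired.
    live["policy.txt"] = b"v3 appr\x00ved\n"
    case1 = verify(live, manifest, KEY)
    restore(live, BACKUP, case1[1])
    after_restore = verify(live, manifest, KEY)
    # Case 2: content changed and its stored checksum rewritten to match;
    # the plain checksum comparison passes, the keyed tag does not.
    live["payroll.csv"] = b"alice,5000\nbob,9900\n"
    manifest["sums"]["payroll.csv"] = _sha256(live["payroll.csv"])
    case2 = verify(live, manifest, KEY)
    return case1, after_restore, case2

if __name__ == "__main__":
    print(demo())
```

A plain checksum is enough for accidental change, but only a keyed tag or signature protects the checksum list itself from being altered along with the data.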
Then there is availability, whose job is to guarantee that authorized users can reliably access data and systems when they need them. Key practices include system maintenance, updates, network monitoring, failover systems, and comprehensive disaster recovery plans. In this way, availability safeguards the system against hardware failures, DoS attacks, or natural disasters, because backups are available to be accessed and worked on.
Overall, the CIA triad provides a framework for identifying and mitigating risk, and it can evolve to address new threats.