CIA Triad

The three fundamental principles of information security: Confidentiality (protecting data from unauthorized access), Integrity (ensuring data accuracy), and Availability (ensuring authorized access when needed).

Also known as: Information Security Triad, AIC Triad

What is the CIA Triad?

The CIA Triad is the foundational model for information security, consisting of three core principles that guide security policies and controls. Every security measure aims to protect one or more of these principles.

The Three Principles

Confidentiality: Ensuring information is accessible only to authorized individuals.

  • Encryption
  • Access controls
  • Authentication
  • Data classification

Integrity: Maintaining accuracy and trustworthiness of data.

  • Hash functions
  • Digital signatures
  • Version control
  • Audit trails

Availability: Ensuring authorized users can access information when needed.

  • Redundancy
  • Backups
  • Disaster recovery
  • Load balancing

Balancing the Triad

Security decisions often involve trade-offs:

  • Strong encryption (confidentiality) may impact performance (availability)
  • Strict access controls may hinder collaboration
  • High availability may increase attack surface

Extended Models

Some frameworks extend CIA with:

  • Authenticity: Verifying identity claims
  • Non-repudiation: Preventing denial of actions
  • Accountability: Tracing actions to entities