The CIA Triad
What is the CIA Triad in cybersecurity?
🔺 What Is the CIA Triad?
The CIA Triad is the foundational model of cybersecurity, built around three core principles: Confidentiality, Integrity, and Availability. Confidentiality means keeping information private and accessible only to those who are authorized to see it. Integrity means ensuring that data is accurate and has not been tampered with or altered without authorization. Availability means making sure that systems and data are accessible and functional when legitimate users need them. Nearly every security control, policy, or tool in existence is designed to protect one or more of these three properties.
🧪 Real-World Example
A hospital’s patient records system must be confidential — only authorized staff can view patient data. It must have integrity — a nurse needs to trust that a medication dosage in the record has not been changed by anyone unauthorized. And it must be available — if a ransomware attack locks the system down during an emergency, lives could be at risk. A security breach can attack any or all three of these properties at once.
✅ Key Takeaways
- Confidentiality protects data from unauthorized access — enforced through encryption and access controls.
- Integrity ensures data is accurate and unaltered — enforced through hashing, audit logs, and checksums.
- Availability ensures systems are up and accessible — protected by backups, redundancy, and DDoS mitigation.
- Most cyberattacks target at least one leg of the triad: data theft breaks confidentiality, tampering breaks integrity, ransomware breaks availability.
- The CIA Triad is used to evaluate risks, design systems, and assess the impact of security incidents.
- Understanding the triad helps organizations prioritize what they are protecting and why.
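To make the integrity leg concrete, here is an added Python example (not part of the original page) that protects the medication-dosage record from the hospital scenario with a keyed HMAC tag and contrasts it with a plain checksum; the record contents and the key are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed placeholder: in practice this secret lives only inside the
# records system (e.g. an HSM or key vault), never alongside the data.
INTEGRITY_KEY = b"placeholder-secret-held-by-records-system"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so identical content always yields
    identical bytes (key order and whitespace must not vary)."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> str:
    """Unkeyed SHA-256. Catches accidental corruption, but anyone who can
    edit the record can recompute it, so it does not prove authorization."""
    return hashlib.sha256(canonical(record)).hexdigest()


def sign(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed HMAC-SHA256 tag. Only a holder of the key can produce a valid
    tag, so an edit made without the key fails verification."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    """Constant-time comparison avoids leaking how many bytes matched."""
    return hmac.compare_digest(sign(record, key), tag)


def demo() -> dict:
    """Store a dosage, alter it as an unauthorized editor would, and report
    which integrity check still notices the change."""
    record = {"patient_id": "P-0001", "drug": "metoprolol", "dose_mg": 25}
    stored_tag = sign(record)
    stored_checksum = checksum(record)

    tampered = dict(record, dose_mg=250)    # unauthorized tenfold dose
    # Someone with write access to the record can also overwrite the
    # stored unkeyed checksum, so it quietly matches again.
    stored_checksum = checksum(tampered)

    return {
        "original_verifies": verify(record, stored_tag),
        "tampered_verifies": verify(tampered, stored_tag),
        "checksum_check_passes_after_tampering": checksum(tampered) == stored_checksum,
    }


if __name__ == "__main__":
    print(demo())
```

The HMAC check answers the nurse's question ("was this dosage changed by someone unauthorized?"), while the checksum alone only answers "was this record corrupted in transit or on disk?"; an audit log that records who produced each tag closes the remaining gap.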