CIA triad

The CIA triad is a fundamental model in information security that identifies three core objectives for protecting information systems: Confidentiality, Integrity, and Availability. It is used to guide security policy, risk assessment, and the design of safeguards.

Confidentiality means preventing unauthorized disclosure of information. Techniques include access controls, authentication, encryption, and data masking to ensure that data is seen only by those with proper permissions.

Integrity means maintaining the accuracy and trustworthiness of information, ensuring it has not been altered or tampered with. Techniques include cryptographic hashes, digital signatures, checksums, version control, and strong change-management practices.

Availability means ensuring that data and systems are accessible to authorized users when needed. Techniques include redundancy, regular backups, disaster recovery planning, failover support, and resilient infrastructure.

In practice, organizations balance these objectives, recognizing that measures to improve one area may affect others. For example, strong encryption protects confidentiality but can impose processing overhead or complicate legitimate access; strict access controls can impact usability; high availability often requires additional investment.

Extensions and criticisms: While widely taught, the CIA triad is a simplification. Some security models add attributes such as authenticity, non-repudiation, accountability, or possession to address broader concerns. Standards and frameworks often reference CIA alongside practical controls, privacy considerations, and risk-management practices.