The CIA triad is a security model of three core principles used within IT security and Information Security policies within an organisation. These principles relate to the Confidentiality, Integrity, or Availability of systems or information.
Confidentiality refers to the control of information ensure that data can only be accessed by an authorised party. Attacks against the principle of Confidentiality relate to the disclosure of information in some form.
Integrity refers to the prevention of unauthorised modification to information or data. For organisations the value of valid data in its intended state is critical. An attack against this is where information or data is altered.
Availability refers to the accessibility of data upon request. Attacks impacting this principle relate to the destruction of data or rendering a system offline.
Attacks against an organisation would aim to compromise at least one of these principles. In some cases, multiple or all of these could be affected. Understanding how security risks affect an organisation’s assets or data is crucial to ensure that sufficient mitigating controls and processes are implemented.
These principles should be integrated into design decisions and the workflows of secure coding development, IT system management, and the wider organisation processes and procedures to create a great foundation for a strong security posture. Corporate policies should reflect these principles in operational processes and design decisions.
If you like this blog post, find more content in our Glossary.