The CIA (Confidentiality, Integrity, and Availability) triad is a model designed to guide policies for information security within an organization. The CIA triad approaches the security of information systems through three key areas: confidentiality, integrity and availability.
In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.
The CIA triad of information security was created to provide a baseline standard for evaluating and implementing information security regardless of the underlying system and/or organization. Each of the three core goals has its own distinct requirements and processes.
Confidentiality is closely related to privacy. It means that access to confidential information must be restricted to authorized people only.
For example, keeping a client’s information strictly between you and the client, and not disclosing it to other employees, is confidentiality. User IDs and passwords, access control lists (ACLs) and policy-based security are some of the methods through which confidentiality is achieved.
Integrity means that data in transit or at rest is not modified and is accurate. The accuracy and consistency of data should always be maintained.
For example, when you send some data to a client, it should reach them exactly as it was sent. If any other person is able to modify the contents and forward them to the client, then the integrity of the data is lost. Data encryption and hashing algorithms are key processes in providing integrity.
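An added example, not part of the original page, for the modify-and-forward case above: an unkeyed hash detects the change only while the check value itself is left alone, whereas a keyed hash (HMAC) still detects it when the check value is recomputed. The key, message and function names are constructed for this illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the page).
SHARED_KEY = b"constructed-demo-key"
MESSAGE = b'{"invoice": 1042, "amount": "150.00", "payee": "ACME Ltd"}'


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: catches accidental change, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA-256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(data), digest)


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest compares in constant time, so timing does not leak the tag.
    return hmac.compare_digest(keyed_tag(key, data), tag)


def demo() -> dict:
    digest, tag = plain_digest(MESSAGE), keyed_tag(SHARED_KEY, MESSAGE)
    # The modification in transit described in the text: contents changed, then forwarded.
    altered = MESSAGE.replace(b"150.00", b"950.00")
    return {
        "intact_plain": verify_plain(MESSAGE, digest),
        "intact_keyed": verify_keyed(SHARED_KEY, MESSAGE, tag),
        # Contents changed, original check values kept: both checks fail.
        "altered_plain": verify_plain(altered, digest),
        "altered_keyed": verify_keyed(SHARED_KEY, altered, tag),
        # Digest recomputed over the changed contents: the unkeyed check passes.
        "altered_plain_recomputed": verify_plain(altered, plain_digest(altered)),
        # Tag recomputed without the real key: the keyed check still fails.
        "altered_keyed_wrong_key": verify_keyed(
            SHARED_KEY, altered, keyed_tag(b"not-the-key", altered)
        ),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The practical consequence is that a hash sent alongside the data over the same channel protects against corruption, not against deliberate modification; the check value must be keyed or delivered over a separate trusted path.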
Availability means the data is always available and accessible to the right people at the right time, i.e. when needed.
For example, when your hard disk crashes, you don’t have access to the data on it, i.e. it is unavailable to you. Hardware maintenance, software patching/upgrading and network optimization ensure availability.