An Introduction to the CIA Triad

Long established within the information security field – and by extension, cyber security – the concept of the CIA triad is a mainstay. The acronym refers to three parts:

  • Confidentiality
  • Integrity
  • Availability

The CIA Triad is a model designed to guide policies for information security within an organisation. As one learns about their inter-relationship, it becomes clear that while each is of huge individual importance, a slavish devotion to one will, in all likelihood, cause failure in another.

Consider how the maintenance of total availability must, inevitably, lead to a breach of confidentiality. Data may be kept secure, but if the productivity of the organisation is harmed, then it may be considered that the policy implementation is lacking efficiency.


Your Risk Management Plan

We approach these problems through a multi-step risk management process which identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls. It is concluded with an assessment of the effectiveness of the risk management plan.

While Information Security is wide-ranging, and is inclusive of paper-based data, equipment theft and so forth, Cyber Security is focussed on a narrower set of threats: those which centre upon attacks through the computer network. We refer to these modes of attack as ‘threat vectors’.

An illustrative list of such threats includes:

  • Viruses
  • Ransomware
  • Worms
  • Phishing attacks
  • DDoS (Distributed Denial of Service)
  • Trojan horses
  • Malware

Conclusions

The range of threats to the organisation’s computer security and overall IT security is considerable, but when addressing cyber security it’s important to realise that in banking, aviation, maritime and similar industries, the acceptability of restricting availability is entirely different from the considerations in a retail organisation.

The consequence is that the ideal risk management plan must reflect the integration of risk balanced against the CIA Triad. Only then can budgets and priorities be established.

 


⏱ 5 Second Summary

Part of our Cyber Security Series

Understanding Risk demands an appreciation of the CIA Triad, comprised of Confidentiality, Integrity, and Availability


 

Humperdinck Jackman, Author


Director of Consulting Services

Humperdinck has a 30-year career spanning Document Management Systems (DMS), data protection, Artificial Intelligence, Data Protection and Robotic Process Automation. With many articles published in print internationally, he believes the advances in office technology are such that we're entering the 4th Industrial Revolution. Now Director of Marketing and Consulting Services at Advanced UK, he's as active with clients as he is in endeavouring to write original blog articles.