CIA Triad

Confidentiality

Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

It revolves around the Principle of Least Privilege. This principle states that access to information, assets, etc. should be granted only on a need-to-know basis, so that information meant for only some people is not accessible to everyone.

Integrity

Data integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner.
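As an added example (not part of the original note), the sketch below shows one way to make modification detectable: each record gets an HMAC-SHA256 tag that also covers the previous tag, so a changed, reordered, or missing record fails verification, which addresses both accuracy and completeness. The names `KEY`, `seal`, `verify` and the sample records are constructed for illustration, and it assumes the key and the final tag (the anchor) are stored where the party editing the data cannot reach them.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: in practice, loaded from a secret store
GENESIS = b"\x00" * 32         # fixed starting value for the chain

# Constructed sample records.
RECORDS = [b"2024-01-01 alice balance=100",
           b"2024-01-02 alice balance=80",
           b"2024-01-03 alice balance=95"]


def _tag(key, prev_tag, payload):
    # The MAC covers the previous tag, binding each record to its position.
    # prev_tag is always 32 bytes, so the concatenation is unambiguous.
    return hmac.new(key, prev_tag + payload, hashlib.sha256).digest()


def seal(key, payloads):
    """Return ([(payload, tag), ...], anchor); the anchor is the last tag."""
    prev, chain = GENESIS, []
    for payload in payloads:
        prev = _tag(key, prev, payload)
        chain.append((payload, prev))
    return chain, prev


def verify(key, chain, anchor):
    """True only if every record is unmodified, in order, and none is missing."""
    prev = GENESIS
    for payload, tag in chain:
        expected = _tag(key, prev, payload)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        prev = expected
    # Comparing against the stored anchor catches records dropped from the end.
    return hmac.compare_digest(prev, anchor)


if __name__ == "__main__":
    chain, anchor = seal(KEY, RECORDS)
    print("intact:   ", verify(KEY, chain, anchor))
    edited = [chain[0], (b"2024-01-02 alice balance=8000", chain[1][1]), chain[2]]
    print("edited:   ", verify(KEY, edited, anchor))
    print("truncated:", verify(KEY, chain[:-1], anchor))
```

A plain hash would detect accidental corruption only; the keyed MAC is what makes an unauthorized change detectable, because someone without the key cannot recompute valid tags.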

More broadly, integrity is an information security principle that involves human/social, process, and commercial integrity, as well as data integrity. As such it touches on aspects such as credibility, consistency, truthfulness, completeness, accuracy, timeliness, and assurance.

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.

Ensuring availability also involves preventing denial-of-service attacks, such as a flood of incoming messages to the target system, essentially forcing it to shut down.

[1]


Relevant Note(s): Information Security


  1. https://resources.infosecinstitute.com/topic/cia-triad/