CIA Triad of Information Security

What Does CIA Triad of Information Security Mean?

Confidentiality, Integrity and Availability (CIA) are the three foundations of information systems security (INFOSEC). The purpose of the CIA Triad is to focus attention on risk, compliance, and information assurance from both internal and external perspectives.

  • Confidentiality — Information and Communication Technology (ICT) systems and data can only be accessed by authorized entities. The Principle of Least Privilege (PoLP) and Zero Trust both support confidentiality.

  • Integrity — Data can be trusted to be accurate and complete while at rest, while in use and while in transit. Key processes that support integrity include confidential computing and encryption.

  • Availability — Data and information systems are always accessible. High availability (HA) is supported by redundancy, predictive analytics and cloud computing.

Techopedia Explains CIA Triad of Information Security

Cybersecurity requires a layered, defense-in-depth strategy that supports confidentiality, integrity and availability. The CIA Triad provides a risk assessment framework that can be used to prioritize goals, purchases and policy.

The pillars of confidentiality, integrity and availability can be used to guide the creation of security controls that limit risk. While all security initiatives should address each part of the framework, one of the three pillars might take precedence over another depending on the organization’s purpose.



Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.