CIA Triad of Information Security

What Does CIA Triad of Information Security Mean?

Confidentiality, Integrity and Availability (CIA) are the three foundations of information systems security (INFOSEC). The purpose of the CIA Triad is to focus attention on risk, compliance, and information assurance from both internal and external perspectives.

  • Confidentiality — Information and Communication Technology (ICT) systems and data can only be accessed by authorized entities. The Principle of Least Privilege (PoLP) and Zero Trust both support confidentiality.

  • Integrity — Data can be trusted to be accurate and complete while at rest, while in use and while in transit. Key processes that support integrity include confidential computing and encryption.

  • Availability — Data and information systems are always accessible. High availability (HA) is supported by redundancy, predictive analytics and cloud computing.

Techopedia Explains CIA Triad of Information Security

Cybersecurity requires a layered, defense-in-depth strategy that supports confidentiality, integrity and availability. The CIA Triad provides a risk assessment framework that can be used to prioritize goals, purchases and policy.

The pillars of confidentiality, integrity and availability can be used to guide the creation of security controls that limit risk. While all security initiatives should address each part of the framework, one of the three pillars might take precedence over another depending on the organization’s purpose.


Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…