The CIA Triad

What Is the CIA Triad?

The CIA Triad is a model for analyzing information security using three major components: Confidentiality, Integrity and Availability.

A 3-circle Venn diagram showing the CIA Triad. The circles each contain overlapping sections and represent Confidentiality, Integrity and Availability.
Diagram: The CIA Triad

These represent the major objectives (the “Holy Trinity”) of information security efforts. The CIA Triad is essentially a basic map for framing discussion on how threats may affect these three pillars and what measures we can take to uphold them, even when challenged.

Confidentiality refers to the ability to keep sensitive information private. Any scenario that results in protected information being revealed or released to unintended parties is a breach of the confidentiality objective.

Integrity encompasses all efforts to ensure that information and processes remain trustworthy, authentic and accurate. Any scenario where data is tampered with, corrupted or destroyed by unintended parties or processes is a breach of the integrity objective.

The Availability component involves maintaining reliable access to and use of information. Any scenario in which information cannot be effectively accessed by users is a lapse in the availability objective. Availability can be compromised by malicious activity (like DDoS attacks) or by a non-adversarial event (like equipment failure or service outages).

What Isn’t the CIA Triad?

The CIA Triad is not related to the U.S. Central Intelligence Agency. In an effort to reduce confusion with the famous government agency, alternative acronyms AIC and CAI are sometimes used.

History of The CIA Triad

As far as I can tell, we don’t know a great deal about the history of the CIA Triad. And that, in itself, is interesting. Usually, with concepts in the computing and networking world, we can easily find first uses and learn about the paths of discovery taken by the pioneers responsible. That doesn’t seem to be the case for the CIA Triad. The question has been asked by curious students in the cybersecurity sphere for some time, but if there is a clear answer, I haven’t found it.

We do know that, as information technology concepts go, it’s old. The Parkerian Hexad was discussed as a modern model to succeed the “classic CIA Triad model” and address the growing complexity of cybersecurity after the publication of Fighting Computer Crime almost 20 years ago in 1998.

Know something about the history of the CIA Triad as we know it today? Please leave me a comment! I’d love to hear it.
