What is the CIA triad in cybersecurity?

Short answer

The CIA triad is a foundational model in cybersecurity consisting of Confidentiality, Integrity, and Availability. These three principles guide the design of security controls.

How it works

• Confidentiality: Ensures that sensitive information is accessed only by authorized parties. Achieved through encryption, access controls, and authentication.
• Integrity: Guarantees that data is not altered or tampered with in an unauthorized manner. Maintained through hashing, digital signatures, and version control.
• Availability: Ensures that systems and data are accessible when needed. Supported by redundancy, backups, and disaster recovery planning.

Example

An online banking system encrypts transactions (confidentiality), verifies transaction hashes (integrity), and maintains redundant data centers (availability).

Why it matters

Every security control maps to at least one pillar of the CIA triad. It provides a simple but powerful framework for risk assessment and communication with stakeholders.