
An explanation of the CIA triad

In this video, TechTarget editor Michaela Goss talks about the mechanisms of the CIA triad in cybersecurity.

It's not the CIA you're thinking of.

The CIA triad -- in information security, this means confidentiality, integrity and availability. It's a model that guides an organization's policies for protecting its data and information systems. And because of the inevitable confusion with the U.S. federal government's CIA, you might also see it written as the AIC triad.

What's important is that each letter represents a foundational principle in cybersecurity -- confidentiality, integrity and availability.

Let's break down each component of the triad.

Confidentiality is a set of rules that limit access to information. It's comparable to privacy -- ensuring confidentiality means that only authorized people and systems can read sensitive information, while everyone else cannot. This is accomplished by controlling who gets in, through methods like multifactor authentication and biometric verification, and by protecting the data itself with encryption so that it stays unreadable if the access controls are bypassed.

Integrity is the assurance that the information is trustworthy and accurate and has not been altered without authorization. It involves maintaining data consistency and accuracy over its entire lifecycle. Measures like file permissions and user access controls ensure that unauthorized people can't change data, while checksums and backups safeguard data from nonhuman threats, such as an electromagnetic pulse or a server crash. One caveat matters here: a plain checksum only catches accidental corruption. An attacker who can rewrite the data can recompute the checksum too, so detecting deliberate tampering requires a keyed message authentication code, a digital signature, or a cryptographic hash stored where the attacker cannot reach it.
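To make the integrity point concrete, here is an added Python example (not part of the original video or of TechTarget's material). It tags a constructed sample record two ways, with a plain CRC32 checksum and with an HMAC-SHA256 tag under a secret key. A flipped bit is caught by both. But when an attacker rewrites the record and recomputes whatever tag is stored next to it, the CRC check passes, while the HMAC check still fails because the attacker does not hold the key. The record, the fixed key and the forged amount are all constructed for illustration; a real deployment would generate the key with os.urandom and keep it out of the attacker's reach.

```python
import hashlib
import hmac
import zlib

# Constructed sample record standing in for a config file or audit-log entry.
RECORD = b"transfer account=1234 amount=100.00"

# Fixed key so the run is reproducible; a real deployment would generate it
# with os.urandom(32) and store it where the attacker cannot read it.
KEY = b"\x01" * 32


def crc32_tag(data: bytes) -> int:
    """Plain checksum: catches bit flips and truncated writes, needs no secret."""
    return zlib.crc32(data) & 0xFFFFFFFF


def crc32_verify(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed MAC: producing a valid tag requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def hmac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so verification does not leak the tag byte by byte.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def detects_corruption() -> dict:
    """Accidental damage: flip one bit, keep the original tags. Both checks fail."""
    crc = crc32_tag(RECORD)
    mac = hmac_tag(KEY, RECORD)
    damaged = bytearray(RECORD)
    damaged[0] ^= 0x01  # 't' becomes 'u'
    damaged = bytes(damaged)
    return {
        "crc32": not crc32_verify(damaged, crc),
        "hmac": not hmac_verify(KEY, damaged, mac),
    }


def detects_tampering() -> dict:
    """Deliberate tampering: the attacker rewrites the amount and recomputes
    whatever tag is stored beside it. The CRC is fooled; the HMAC is not."""
    forged = RECORD.replace(b"amount=100.00", b"amount=9999.00")
    forged_crc = crc32_tag(forged)                    # no secret needed
    forged_mac = hmac_tag(b"wrong key" * 4, forged)   # attacker must guess a key
    return {
        "crc32": not crc32_verify(forged, forged_crc),
        "hmac": not hmac_verify(KEY, forged, forged_mac),
    }


if __name__ == "__main__":
    print("bit flip detected:", detects_corruption())   # {'crc32': True, 'hmac': True}
    print("tampering detected:", detects_tampering())   # {'crc32': False, 'hmac': True}
```

The same reasoning applies to unkeyed cryptographic hashes such as SHA-256 stored alongside the data: they are far harder to collide than a CRC, but an attacker who can overwrite the file can overwrite the stored hash as well. The hash only helps when it is kept separately, for example in a signed manifest or a write-once log.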

And availability is a guarantee of reliable, timely access to the information for the people who are authorized to use it. It's best ensured by rigorously maintaining all hardware, staying up to date with system upgrades, providing adequate bandwidth, preventing bottlenecks and supporting fast disaster recovery.

But, as with many things in the security space, this is easier said than done. Big data poses extra challenges to the CIA triad simply because of the sheer volume of information and the variety of its sources and formats.

The ever-expanding internet of things also challenges the CIA triad. Unpatched IoT devices and weak passwords can easily be exploited by bad actors. Even something like a Wi-Fi-enabled light bulb could be compromised and used as an attack vector.

Many experts think the triad needs an upgrade. One researcher adds authenticity, possession and utility to the original three, making the Parkerian Hexad. Others think the CIA triad is too abstract and should be replaced entirely with the DIE triad -- distributed, immutable and ephemeral.

How does your organization embrace the CIA triad -- or any variation of it? Let us know in the comments below and remember to like and subscribe.

Sabrina Polin is a managing editor of video content for the Learning Content team. She plans and develops video content for TechTarget's editorial YouTube channel, Eye on Tech. Previously, Sabrina was a reporter for the Products Content team.
