CIA Triad
What is CIA Triad?
CIA Triad: Foundational information-security model that groups objectives into Confidentiality, Integrity, and Availability.
The CIA triad expresses the three core goals every security program must balance. Confidentiality limits access to information to authorized parties through encryption, access control, and data classification. Integrity ensures data and systems are not modified without authorization, supported by hashing, digital signatures, version control, and write-protected storage. Availability ensures authorized users can use services and data when needed, supported by redundancy, capacity planning, DDoS protection, and disaster recovery. The model is incomplete on its own; extensions such as the Parkerian Hexad add Possession, Authenticity, and Utility, and modern frameworks layer Authentication, Authorization, Non-repudiation, and Privacy on top.
● Examples
- 01: Encrypting customer PII (confidentiality), signing software releases (integrity), and running multi-region failover (availability).
- 02: Mapping CIS Controls to CIA categories during a gap assessment.
● Frequently asked questions
What is CIA Triad?
Foundational information-security model that groups objectives into Confidentiality, Integrity, and Availability. It belongs to the Compliance & Frameworks category of cybersecurity.
What does CIA Triad mean?
Foundational information-security model that groups objectives into Confidentiality, Integrity, and Availability.
How does CIA Triad work?
See the full definition above.
How are the CIA Triad objectives defended?
Defences for each CIA Triad objective typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for CIA Triad?
Common alternative names include: Confidentiality, Integrity, Availability.
● Related terms
- Defense in Depth (compliance № 299): Security strategy that layers independent controls so that if any single control fails, others continue to prevent, detect, or contain an attack.
- Risk Management (compliance № 936): The coordinated process of identifying, analyzing, evaluating, treating, monitoring, and communicating risks to keep them within an organization's defined tolerance.
- ISO/IEC 27001 (compliance № 557): The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
- NIST Cybersecurity Framework (compliance № 731): A voluntary risk-based framework published by the U.S. National Institute of Standards and Technology that organizes cybersecurity outcomes into six core functions.
- Authentication (identity-access № 076): The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
- Authorization (identity-access № 077): The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.