Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

cyber security

The CIA triad of information security

Naveen Edala

The CIA triad is the governing principle for information security measures employed on any scale or reach. It is widely regarded that an information security infrastructure/setup is in a great posture if it is in good standing with respect to this triad. Hence, the CIA triad is a core concept and an absolute necessity in the field of IT security.

So, “what exactly is the CIA triad,” you ask? Here you go:

svg viewer
The Confidentiality-Integrity-Availability Triad

The CIA triad states that the success (or failure) of an information security system is governed by the following three cornerstone aspects:

  • Confidentiality
  • Integrity
  • Availability

A mix of all three aspects is necessary to build a good security system and infrastructure.


Confidentiality means “to be able to confide in”. From the security point of view, confidentiality is the umbrella term for all the measures in use that control and restrict information access/flow to receivers (people, devices) based on their authorization levels.

Fundamentally, confidentiality is the concept of appropriately assigning the “needs” to each person or device. This means that every person or host only has access to the information that is absolutely necessary for them to know and use!

For example, not every employee in an organization requires clearance to access the trade secrets and classified information within it! A software developer only needs access to the code base, and a backend engineer only needs access to the servers.


To have “integrity” is to have consistency and be true to the origins. In the field of security, this translates to ​corruption, tampering, and alteration of information being considered. All the measures taken to safeguard data from unauthorized editing or abrupt damage fall into the integrity of a system.

Integrity boils down to not allowing modifications or edits to information without proper authorization and ensuring that data is stored in a safe, non-corruptible setup.

Some of the most prominent examples of integrity are hash checking, digital signatures, and encryption.


At any given point, information must be “available” for the host to work on. In the realm of security, this translates to all the processes and infrastructure that ensure that required information is available round-the-clock, at a quick pace, and is safely retrievable in the case of an event or a catastrophe.

If someone hacks into your systems and takes the processes and infrastructure down, does the information in them die too? Do you have too much information and not enough space to store it? Do you want to work on the information, but have to wait a long time before you can get it?

All those questions are ​important considerations of availability. Examples of availability checks are backup servers, local drives, hosting uptime, secure access, protection against leaks, and so on!


cyber security

View all Courses

Keep Exploring