The CIA triad of information security is a simple way to describe the three key risk areas for a company’s data and information. CIA stands for the core security principles: Confidentiality, Integrity, and Availability.
- Confidentiality = Keeping sensitive information private and only accessible to people who are allowed to see it
- Integrity = Ensuring data is accurate, complete, and protected from unauthorized changes
- Availability = Making sure systems and data are up and working for authorized users when they need them
Confidentiality
- means that only authorized persons have access to the information.
- disruption of confidentiality means that an unauthorized person has the information.
- assured confidentiality excludes misuse of information.
Integrity
- means that the information is delivered to the user without any unwanted changes or modifications.
- disruption of integrity means that the information is corrupted and differs from what it should be.
- assured integrity means ensuring the correctness and completeness of information in information systems.
Availability
- means that the user can get data or information from the system at any time if needed.
- interrupted or disrupted availability means that information is not available, temporarily or permanently.
- assured availability means that the data is available and has not become unavailable.
The goal of an information system is to ensure that all three data properties are preserved, that is, to prevent unwanted use, unwanted change, or loss of the data.
