
The confidentiality, integrity and availability triad

In this step we examine the features of the Confidentiality, Integrity and Availability triad.
“Security professionals evaluate threats and vulnerabilities based on the potential impact they have on the confidentiality, integrity, and availability of an organization’s assets—namely, its data, applications, and critical systems.” (F5 Labs, 2019)

The information technology CIA (Confidentiality, Integrity, Availability) triad is widely known and accepted as an information security model that guides an organisation’s endeavours to plan, provide and maintain cyber security.

CIA triad elements

The three elements of the CIA triad are:

Confidentiality: The assurance that information is disclosed only to authorised entities.
Integrity: The assurance that information has been created, amended or deleted only by authorised individuals.
Availability: The assurance that systems and information are accessible and usable by authorised entities when required.

The CIA triad is not a research outcome; rather, it has been developed over time based on the wisdom of information security professionals.

The formalisation of “confidentiality” as a critical aspect of information security occurred as a result of a US Air Force study in 1976. As commercial computing and the use of databases to hold information became critical, so too did confidentiality. The value of “integrity” as an essential aspect was considered in the latter part of the 1980s. And, following the Morris Worm – the first recorded Denial of Service (DoS) attack on the Internet – information security’s “availability” became a critical aspect of the model.

Over time, the complexity of the information systems, the amount of information gathered to be processed, and threats to information have grown considerably. Consequently, information security professionals considered other key information security aspects. They are:

Non-repudiation

When communicating information, the sender of the information requires proof of delivery, and the recipient of the information must be presented with proof of identity of the sender. This is closely associated with the “integrity” of the information.

Authenticity

Authenticity is also closely associated with the integrity aspect of information security and strengthens the believability of the information. Measures such as encryption and digital signatures/certificates ensure the authenticity of the information when in “motion”. Meanwhile, measures such as version control, auditing, and access control further strengthen the integrity of information.

Authorisation

Authorisation supports confidentiality and integrity by restricting access to an organisation’s essential information to authorised personnel.

Accountability

Accountability is a critical requirement to ensure integrity is maintained using information-related organisational policies. Auditing information logs that document user activity helps identify accountability violations.
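
Added example (not part of the original course material): a minimal tamper-evident user-activity log in Python, showing how an integrity control supports the accountability described above. Each record's HMAC covers the previous record's tag, so editing, removing or reordering records is detectable; the key, field names and sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would keep this in a KMS/HSM,
# out of reach of the users whose activity is being logged.
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # assumed chain anchor for the first record


def _tag(prev_tag, entry):
    """HMAC over the previous tag plus the canonical JSON of this entry."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(LOG_KEY, (prev_tag + body).encode(), hashlib.sha256).hexdigest()


def append(log, user, action, resource):
    """Append a user-activity record chained to the one before it."""
    prev = log[-1]["tag"] if log else GENESIS
    entry = {"seq": len(log), "user": user, "action": action, "resource": resource}
    log.append({"entry": entry, "tag": _tag(prev, entry)})
    return log


def verify(log, expected_len=None):
    """Return the index of the first bad record, or None if the log is intact.

    expected_len (e.g. a count kept in a separate system) catches truncation,
    which the chain alone cannot detect.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["entry"].get("seq") != i:
            return i  # record removed or reordered
        if not hmac.compare_digest(rec["tag"], _tag(prev, rec["entry"])):
            return i  # record edited, inserted, or chain broken
        prev = rec["tag"]
    if expected_len is not None and len(log) != expected_len:
        return len(log)  # records dropped from the end
    return None


def sample_log():
    """Constructed sample activity, not real data."""
    log = []
    append(log, "alice", "read", "payroll.xlsx")
    append(log, "bob", "modify", "payroll.xlsx")
    append(log, "alice", "delete", "payroll-backup.xlsx")
    return log
```

Because the HMAC key is shared by whoever writes and verifies the log, this provides evidence of integrity but not non-repudiation. Non-repudiation needs digital signatures, as noted under Authenticity.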

Notwithstanding the introduction of these additional concepts, confidentiality, integrity, and availability still form the basis of information security and they are central to the effective design and development of online products/applications. A clear understanding of the CIA triad ensures that online products and services are designed to minimise/eliminate opportunities for data breaches, either accidentally or as a result of cyber attacks.

Security by Design measures for CIA

The following document contains a list of events that could lead to security breaches, categorised into the three aspects of the CIA security triad. It also identifies countermeasures that can be applied at the online product and service design stage leading to Security by Design.

© RMIT 2023
This article is from the free online course Security by Design.