The CIA triad refers to an information security model made up of three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. The CIA triad was developed in 1979 by Barry Buzan and Victor Chvatal, two researchers at IBM. Today, it is considered an international standard for information security and cryptography.
The CIA triad describes three fundamental aspects of information security: confidentiality, integrity and availability. Utilizing these three components of security keeps information safe from unauthorized use, modification or denial. A cyber attack can be costly because the loss or corruption of data can substantially harm a business or governmental operation. According to the U.S. Department of Commerce, “the potential economic impact of cyber espionage is estimated to reach up to $400 billion per year globally.”
A simple analogy to illustrate the importance of maintaining confidentiality, integrity and availability is a house that is broken into by thieves. Confidentiality is the concept of keeping your information out of reach. It is like making sure all the doors and windows are locked before going on vacation. Integrity is like keeping the security alarm set even though you’re in the house. It is keeping the doors and windows locked after a burglary. Availability is like making sure your door isn’t so easy to open that anyone can get in. It is like spending the money to get a more sophisticated security system installed after the burglary.
Another, simpler analogy for the CIA triad is creating a time machine. A time machine is a device that represents confidentiality. When a time machine is created, the Time Police monitor the development of time machines, representing integrity. When a time machine is fully developed, the Time Police can travel back in time and visit the past, representing availability.
The CIA triad model provides a basic framework for defining information security. According to IT-Harvest: “Assuming all three elements are included, a secure system can be built both operationally and technically. The security must, of course, not only be logical but also physical, as a cyber system is only as strong as its weakest link.”