S002: The CIA Triad

Information is a valuable asset to any organization. Read about three major criteria that define whether we consider it secure.

Information is arguably the most critical asset in any organization because without it there would be no communication. Text, images, video, audio and any other data can be considered information if it is in a useful, readable form. When it is useful to people it adds value, which is what drives clients and customers to purchase products and provides revenue for a business. Therefore, protecting information can be directly tied to a company’s bottom line.

For this reason, there is a concept that professionals use in order to determine how secure a certain set of information might be. This concept is called the CIA Triad, because it is made up of three factors: Confidentiality, Integrity and Availability. Referencing these three pillars of the CIA Triad makes it easy for professionals to understand each other when talking about a specific case.

The terms themselves are fairly easy to understand, but there is a lot more that goes into how security is applied to each concept. Here are brief explanations of what each pillar means:

Confidentiality has the same meaning in Information Security that it does in any other circumstance. When something is confidential, the owner does not want his or her information to be seen by the wrong people. For example, you and your financial planner are the only two people who should be able to see how much money is in your checking account. If somebody else has access to that information when they should not, confidentiality has been breached.

In the context of InfoSec, integrity means that the information was not changed by anybody who is not authorized to change it. When professionals talk about the integrity of data or information, they are trying to figure out whether or not it has been tampered with. For instance, if you are unhappy with your grade in Calculus and hack into your teacher’s online grade book to give yourself an A, you have breached the integrity of the original data. I neither recommend nor condone any such actions — if you are a person with integrity, you will work hard and accept the grade you receive based on your quality of work. See the difference in the meaning of integrity in these two contexts?

Availability, like confidentiality, is a concept whose meaning in Information Security is much the same as in any other situation. When information is available, it means the right people can access it when they need to do so. When a natural disaster such as Hurricane Irma moves closer to Florida, many people will run to the store and buy as much food to store as possible in case they are unable to shop for a while. The next day, someone who goes to the store may find empty shelves and will need to rely on what they have in the house. As with food necessary for survival, when certain information is unavailable there is a chance that an executive may be forced to rely on what they know at that point in time.

You should now be able to see clearly how breaches of confidentiality, integrity or availability can negatively impact people and organizations. Information is used every day to make business decisions such as hiring the right people, purchasing the right products and finding the right partners — but as mentioned earlier, any breach could have a negative effect on the organization’s financial profit, goals and the emotional well-being of its employees.