
Security · 2026-02-07

CIA Triad: Confidentiality, Integrity, and Availability

The CIA triad is one of the first security frameworks I learned. It gives me a simple way to think about what security is protecting.

Confidentiality

Confidentiality means only authorized people can access information. Passwords, encryption, permissions, and MFA all support confidentiality.

A confidentiality failure happens when information is exposed to someone who should not see it. Examples include a leaked password, a public storage bucket containing private files, or a user account with too much access.

Integrity

Integrity means data stays accurate and unchanged unless a trusted process changes it. File hashes, logging, backups, and change control help protect integrity.

An integrity problem is not always about stealing data. It can be about changing data. If an attacker modifies account numbers, grades, logs, or configuration files, the data can no longer be trusted.

Availability

Availability means systems and data are usable when needed. Backups, redundancy, monitoring, and patching can help reduce downtime.

Availability matters because a secure system is not useful if nobody can use it. Power failure, hardware failure, denial-of-service attacks, and misconfiguration can all affect availability.

How I use it

When looking at a security issue, I ask which part of the triad is affected. A leaked password affects confidentiality. Tampered data affects integrity. A service outage affects availability.

Beginner practice

For each security story I read, I try to label the impact: confidentiality, integrity, availability, or more than one. This helps me think like a defender and explain risk more clearly.