IT Security CIA Triad
​The CIA Triad

There are three crucial components that make up the elements of the CIA triad, the widely-used model designed to guide IT security. Those components are confidentiality, integrity, and availability. Think of IT Security as you would a triangle…you need all three sides to make a whole.
 
Confidentiality is the set of rules which limits access to information. It is important to protect confidentiality by restricting access to those who are authorized to view that data. This is one reason data and system classification is so important. Some risks associated with lack of confidentiality are loss of privacy, unauthorized access to information, and identity theft.

Integrity is the assurance that the information is trustworthy and accurate. Data must not change in transit and must be protected from alteration by unauthorized parties. User access controls must be in place and backups must be available for restoring affected data. Some risks involved with not protecting the integrity of data are fraud and information that is no longer reliable or accurate.

Availability is the guarantee that information can be accessed by authorized personnel. Availability is ensured by maintaining hardware and software, as well as having data backups and a good disaster recovery plan for the worst case scenario. Risks associated with lack of availability are business disruption, loss of revenue, and loss of reputation.

As you can see, the three core components of IT Security are critical for protecting the Institute’s data. No one component is more important than the others, as they are all three equally vital to IT security.