Join Mike Danseglio for an in-depth discussion in this video The CIA triad: confidentiality, integrity, and availability, part of Learning IT Security.
So one of the tools that I typically teach and I use quite a bit, and actually is a fairly well-known tool, it's been around for awhile, is something called the CIA Triad. Now CIA here doesn't refer to the agency in Washington, D.C. that does all kinds of spying and stuff. It's a bit of a different kind of acronym here, but we use it 'cause it sounds kinda of cool in the security industry, right? It makes us sound important and interesting and spy-ish. And the CIA Triad, as I mentioned, is one of the security tools or modeling tools that we can use.
And it's fairly simple, but what's important is before you actually see it, and I've got it coming up in just a sec, remember that it represents the three primary security goals, but separate security goals. These are kind of munched together by folks that don't do security twenty-four hours a day, seven days a week. They just assume that all things are security, or security is this abstract concept. So what the CIA Triad actually winds up doing is tearing apart the three aspects of security and putting them at separate corners of a triangle.
Really, what an aptly named thing that is. And the CIA Triad is here, confidentiality, integrity and availability. And I'm gonna explain a little bit more in detail about each of those and what they mean here. But what the CIA Triad is representing is that these three things... Many folks group these together. Well, security always includes confidentiality. No it doesn't. Security must always include data integrity, protecting the integrity of an... No it doesn't. It depends on the goal of a security control or a security need based on a needs assessment.
That's why we're looking at things here. So I'm gonna go through each of these separately and explain what they mean, and then I'm gonna show you how to tie all of these together by mapping controls or mapping security solutions or needs into this triad.