Full Text

What is the CIA triad? The CIA triad components, defined

The CIA triad is a widely used information security model that can guide an organization's efforts and policies aimed at keeping its data secure. The model has nothing to do with the U.S. Central Intelligence Agency; rather, the initials stand for the three principles on which infosec rests:

* Confidentiality: Only authorized users and processes should be able to access or modify data

* Integrity: Data should be maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously

* Availability: Authorized users should be able to access data whenever they need to do so

These three principles are obviously top of mind for any infosec professional. But considering them as a triad forces security pros to do the tough work of thinking about how they overlap and can sometimes be in opposition to one another, which can help in establishing priorities in the implementation of security policies. We'll discuss each of these principles in more detail in a moment, but first let's talk about the origins and importance of the triad.

Who created the CIA triad, and when?

Unlike many foundational concepts in infosec, the CIA triad doesn't seem to have a single creator or proponent; rather, it emerged over time as an article of wisdom among information security pros. Ben Miller, a VP at cybersecurity firm Dragos, traces back early mentions of the three components of the triad in a blog post; he thinks the concept of confidentiality in computer science was formalized in a 1976 U.S. Air Force study, and the idea of integrity was laid out in a 1987 paper that recognized that commercial computing in particular had specific needs around accounting records that required a focus on data correctness. Availability is a harder one to pin down, but discussion around the idea rose in prominence in 1988 when the Morris worm, one of the first widespread pieces of malware, knocked a significant portion of the embryonic internet offline.

It's also not entirely clear when the three concepts began to be treated as a three-legged stool. But it seems to have been well established as a foundational concept by 1998, when Donn Parker, in...