Understanding the CIA Triad in 2022


A question I commonly see when individuals are trying to break into the Cybersecurity industry is: What do I need to understand to be successful and make it?

My response has always been to start with the CIA Triad (also referred to as the CIA Triad Principles). The Triad is a strong, fundamental approach to how we handle and protect data, systems and other valuable assets. CIA stands for Confidentiality, Integrity and Availability. Think of it as an equilateral triangle where all sides are equal and no one principle is more important than the others. It only takes one side to fall for the contents inside the triangle to be exploited.

As you progress in your cybersecurity journey, you will often refer back to these principles to determine how an asset can be better protected or a risk better mitigated. Let’s dive further into the CIA Triad security model.

Confidentiality

Confidentiality (privacy) is assuring that only the correct person(s) have access to the material or data while it is in transit, at rest or being processed. This can be achieved by a variety of primary controls including: Two-Factor/Multifactor Authentication (2FA/MFA), Encryption, Access Controls, Classification, Watermarking and more.

What are the threats to Confidentiality?

Things that threaten Confidentiality include (but are not limited to): Human Error, Weak Passwords, Lack of Strong Encryption, Eavesdropping (including Dumpster Diving) and Insider Threats.
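The controls listed above (classification, access controls, MFA and watermarking) work together, and a small worked example shows how. The following Python is an added illustration, not code from this blog: it defines a constructed classification ladder, a hypothetical policy that denies by default, refuses to let a lower clearance read a higher classification, requires MFA for anything at Confidential or above, records every decision in an audit trail, and watermarks the content it does release.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional


class Classification(IntEnum):
    """Constructed classification ladder; higher value = more sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


@dataclass
class Document:
    name: str
    classification: Classification
    content: str


@dataclass
class Principal:
    user: str
    clearance: Classification
    mfa_verified: bool = False  # whether this session completed a second factor


@dataclass
class Decision:
    allowed: bool
    reason: str


class ConfidentialityPolicy:
    """Hypothetical access-control policy: deny by default, audit every decision."""

    def __init__(self) -> None:
        self.audit_log: List[str] = []

    def decide(self, who: Principal, doc: Document) -> Decision:
        if who.clearance < doc.classification:
            decision = Decision(False, "clearance below document classification")
        elif doc.classification >= Classification.CONFIDENTIAL and not who.mfa_verified:
            decision = Decision(False, "MFA required for Confidential or higher")
        else:
            decision = Decision(True, "clearance sufficient")
        # Auditing supports Integrity too: the trail shows who tried to read what.
        self.audit_log.append(
            f"{who.user} -> {doc.name} [{doc.classification.name}]: "
            f"{'ALLOW' if decision.allowed else 'DENY'} ({decision.reason})"
        )
        return decision

    def read(self, who: Principal, doc: Document) -> Optional[str]:
        """Return watermarked content when allowed, otherwise nothing at all."""
        if not self.decide(who, doc).allowed:
            return None
        # Watermarking ties any leaked copy back to the person who retrieved it.
        return f"[{doc.classification.name} - released to {who.user}]\n{doc.content}"


# Constructed sample data for the demonstration.
PAYROLL = Document("payroll.xlsx", Classification.CONFIDENTIAL, "salary table ...")
HANDBOOK = Document("handbook.pdf", Classification.INTERNAL, "office policies ...")


def demo() -> dict:
    policy = ConfidentialityPolicy()
    intern = Principal("intern", Classification.INTERNAL, mfa_verified=True)
    hr_no_mfa = Principal("hr_lead", Classification.RESTRICTED, mfa_verified=False)
    hr_mfa = Principal("hr_lead", Classification.RESTRICTED, mfa_verified=True)
    return {
        "intern_reads_payroll": policy.read(intern, PAYROLL),
        "intern_reads_handbook": policy.read(intern, HANDBOOK),
        "hr_without_mfa_reads_payroll": policy.read(hr_no_mfa, PAYROLL),
        "hr_with_mfa_reads_payroll": policy.read(hr_mfa, PAYROLL),
        "audit_entries": len(policy.audit_log),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Note that a denied request returns `None` rather than an error message that echoes the content, and that the audit log grows on both allow and deny, which is what an investigator later needs.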

Integrity

Integrity is assuring that data or systems cannot be altered or destroyed by unauthorized person(s). This can be achieved by a variety of primary controls including (but not limited to): Hashing, Auditing, Setting File Permissions, Backups and Message Digests.

What are the threats to Integrity?

Things that threaten Integrity include (but are not limited to): Data Diddling, Human Error, Vulnerable Software, Insider Threats and Ransomware.
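Hashing and message digests are the Integrity controls most people meet first, and the difference between them matters. The Python below is an added example, not part of this blog: it protects a constructed record with a plain SHA-256 hash and with an HMAC (a keyed message digest, using a hypothetical verifier-only key), then shows that a "data diddling" change is caught by both, but that a plain hash stored beside the data can simply be recomputed by whoever changed the data, while a keyed digest cannot be forged without the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample record whose integrity we want to protect.
ORIGINAL_RECORD = b"invoice_id=1042;amount=250.00;payee=ACME"


def sha256_digest(data: bytes) -> str:
    """Plain message digest: catches corruption and naive tampering."""
    return hashlib.sha256(data).hexdigest()


def hmac_digest(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(sha256_digest(data), expected_hex)


def verify_hmac(key: bytes, data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_digest(key, data), expected_hex)


def demo() -> dict:
    # Hypothetical integrity key held only by the verifying system.
    key = secrets.token_bytes(32)
    stored_hash = sha256_digest(ORIGINAL_RECORD)
    stored_tag = hmac_digest(key, ORIGINAL_RECORD)

    # "Data diddling": a small, plausible-looking edit to a stored value.
    tampered = ORIGINAL_RECORD.replace(b"250.00", b"2500.00")

    return {
        "untouched_hash_ok": verify_sha256(ORIGINAL_RECORD, stored_hash),
        "tampered_hash_ok": verify_sha256(tampered, stored_hash),
        # Someone who can edit the record can usually overwrite a hash stored next to it.
        "tampered_with_recomputed_hash_ok": verify_sha256(tampered, sha256_digest(tampered)),
        "untouched_hmac_ok": verify_hmac(key, ORIGINAL_RECORD, stored_tag),
        "tampered_hmac_ok": verify_hmac(key, tampered, stored_tag),
        # Without the real key the recomputed tag does not verify.
        "tampered_with_forged_tag_ok": verify_hmac(key, tampered, hmac_digest(b"guess", tampered)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:36s} {result}")
```

The practical lesson: a hash alone only proves the data matches the hash you are holding, so the hash (or a signature over it) has to be stored somewhere the attacker cannot reach, such as a separate audit system or a keyed/signed digest as above.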

Availability

Availability is assuring that data can be accessed by authorized person(s) whenever it is requested. This can be achieved by a variety of primary controls including (but not limited to): Firewalls, Load Balancers, Uninterruptible Power Supplies (UPS), Business Continuity and Disaster Recovery Plans (BCP/DR) and Backups.

What are the threats to Availability?

Things that threaten Availability include (but are not limited to): Human Error, Default Passwords (on security appliances), Power Outages, Natural Disasters, Ransomware and Insider Threats.

Below is a more in-depth video on the CIA Triad. It covers the topic in greater depth and includes a few extra tips that are not outlined in this post.

EXAM TIP: When studying, I find it useful to approach question sets by asking yourself where the question lies on the CIA Triad. This gives you a strong hint as to what answer you should be looking for. For instance, if the question is talking about DDoS mitigations, it is most likely referencing Availability, so you want the answer that lines up with ensuring the information is available when it needs to be (i.e. Load Balancers, Firewalls, Backups). It wouldn’t make much sense to apply a Confidentiality control like watermarking to meet a Service Level Agreement (SLA).

Be sure to have a firm grasp of the CIA Triad, and if you have any questions or suggestions, please feel free to reach out to me.


For over 20 years, I have had the distinct opportunity to work in the Information Technology space in a variety of distinct roles. My unique position has helped me become a risk management maven for Fortune 500 and small business companies around the world. For the last 12 years, I have assisted small business owners and insurance agencies in understanding the impacts of cyber incident exposures and what steps to take to help mitigate potential data breaches. My desire to expand my reach related to cyber security has led me to establish the Sage Knows IT blog as a way to help small business owners and aspiring Information Technology (I.T.) professionals better understand the road-maps of I.T. through the experiences I have had. Information Technology and Information Security are the future of our world, and I hope this blog will inspire those who are interested in joining our ever-evolving field.
