Sunday, October 9, 2011

The CIA Triad

Information Security is all about the CIA Triad -- Confidentiality, Integrity and Availability. When we talk about Information Security we often generalize it to IT Security, which narrows the broader definition of Information Security. Information Security is ensuring the Confidentiality, Integrity and Availability of an Information System. An Information System is any system that processes data -- even a sheet on which attendance is being taken is an Information System.

Understanding the CIA triad helps us understand the Information Security posture of any Information System. The best way to absorb the definitions of Confidentiality, Integrity and Availability is to know their antonyms:

Confidentiality --> Disclosure
Integrity --> Alteration
Availability --> Inaccessibility

Disclosure of sensitive information to an unauthorized entity would hurt Confidentiality. Illegal alteration of the original information would hurt Integrity. The inability to access the information when and where needed would hurt Availability. That means...
  1. Confidentiality is ensuring non-disclosure of information.
  2. Integrity is ensuring accuracy of information.
  3. Availability is ensuring access to information when and where needed.

The three elements of the CIA Triad are also pretty much dependent on each other. A breach of any one of C, I or A might lead to a breach of the others.