The CIA Triad of IT Security

A free video tutorial from Alexander Oni

The Absolute Beginners Guide to Cyber Security 2021 - Part 1

Learn Cyber Security concepts such as hacking, malware, firewalls, worms, phishing, encryption, biometrics, BYOD & more

03:54:25 of on-demand video • Updated August 2021

  • Understand the basic concepts and terminologies used in the information and cyber security fields
  • Take up entry roles for IT and Cybersecurity Positions
  • Differentiate between the various forms of malware and how they affect computers and networks
  • Understand how hackers actually hack
Let's talk about the CIA triad, and no, I am not referring to the Central Intelligence Agency. I am referring to a model that is designed to guide every information security policy or cybersecurity policy of an organization. So behind every security policy, you have three core fundamental parts which make up the CIA triad. So what exactly is this CIA triad? Well, the C stands for confidentiality, I stands for integrity and the A stands for high availability. So what exactly do these three things mean?

Well, first off, we have confidentiality. This limits access to information and basically makes sure that only people with the right clearance have access to that information. And as such, it also ensures privacy. It makes sure that data is kept safe and secure from the general public. Only people with the right access would be able to view certain information or data. That's all confidentiality is all about. And there are several methods by which we can achieve this. We have encryption, which we'll talk about later. We have biometrics, which would involve things like fingerprint scans, eye scans, voice sampling and so on and so forth. We also have passwords, of course, probably the most popular confidentiality method out there, and we also have security tokens as well.

Next up is integrity. And this ensures that data that's been sent from one point arrives at its destination without any alteration. It basically makes sure that data remains consistent and accurate. It makes sure that data has not been tampered with in any way. And there are different methods by which we can achieve this. We have the use of user access controls and we also have checksums, which we'll talk about later as well.

And finally, we have availability, which ensures that data is available at all times. Whenever people need to work on data, it is right there waiting for them. And there are different methods of achieving this. We have backups, we have hardware maintenance and repairs, and we also have disaster recovery as well, which we'll talk about a bit later as well.

So to summarize, well, confidentiality would involve sets of rules that limit access to information. That's basically all what confidentiality is all about. Integrity, on the other hand, is the assurance that information has not been compromised, it's not been altered. It remains pure and unaffected. And finally, availability is a guarantee of reliable access to information by authorized people, by people with the necessary clearance. So these three together make up the CIA triad, and it is the backbone of every information security policy or cybersecurity policy of an organization.