What is the CIA Triad in Cybersecurity?
The CIA Triad — Confidentiality, Integrity, and Availability — is the foundation of all information security. Every security control on the CompTIA Security+ exam maps back to one of these three principles.
Confidentiality
Confidentiality ensures that data is accessible only to authorized individuals, entities, or processes, and prevents sensitive information from reaching unauthorized parties: data is kept secret from anyone who should not have access to it.
Common confidentiality controls include encryption (transforming data so that only parties holding the key can read it), access control lists (specifying who can read files), multi-factor authentication (verifying identity before granting access), and the principle of least privilege (granting only the minimum access needed).
On the Security+ exam, confidentiality breaches often involve data leaks, unauthorized access, or interception of communications.
- Encryption protects data at rest and in transit from unauthorized viewing
- Access controls (RBAC, MAC, DAC) enforce who can read data
- Principle of least privilege limits exposure by granting minimal access
- MFA and strong authentication prevent unauthorized access
Integrity
Integrity ensures that data remains accurate, consistent, and unaltered during storage, processing, or transmission. It protects against unauthorized modification or destruction of information.
Integrity controls detect and prevent unauthorized changes. Common tools include hashing (producing a fixed-size checksum of data that changes if the data changes), digital signatures (proving the origin and integrity of a message), checksums (simple integrity verification), and version control (tracking changes over time).
On the Security+ exam, integrity is often tested with questions about hashing algorithms (SHA-256, MD5), digital signatures, and certificate validation.
- Hashing (SHA-256, SHA-3) creates a unique fingerprint of data to detect tampering
- Digital signatures combine hashing with asymmetric cryptography (the hash is signed with a private key and checked with the matching public key) to verify source and integrity
- Code signing ensures software hasn't been modified after release
- Integrity violations include unauthorized modification, man-in-the-middle attacks, and data corruption
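An added example (not from the original article) showing the tamper-detection idea from the hashing and digital-signature bullets above in Python's standard library. The sample "file" contents and the shared key are constructed placeholders; HMAC-SHA256 stands in for an asymmetric signature, since the point is the same: a bare hash catches corruption, but only a keyed check proves the data came from someone holding the key.

```python
import hashlib
import hmac

# Constructed sample "file" contents (placeholders, not real data).
ORIGINAL = b"transfer 100.00 to account 12345\n"
TAMPERED = b"transfer 900.00 to account 12345\n"

# Hypothetical shared key known only to the sender and the verifier.
SECRET_KEY = b"example-key-do-not-use-in-production"


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest: a fixed-size fingerprint that changes if any byte changes."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, expected_hex: str) -> bool:
    """Integrity check with an unkeyed hash. Detects accidental corruption, but an
    attacker who can replace both the data and the stored hash passes this check."""
    return hmac.compare_digest(fingerprint(data), expected_hex)


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag. Used here in place of the asymmetric digital signature the
    text describes: only a holder of the key can produce a valid tag, so it proves
    the source as well as the integrity of the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_matches(data: bytes, key: bytes, expected_hex: str) -> bool:
    """Constant-time comparison so verification time does not leak how many bytes matched."""
    return hmac.compare_digest(tag(data, key), expected_hex)


def demo() -> dict:
    """Run the checks that show where a bare hash stops and a keyed check is needed."""
    stored_hash = fingerprint(ORIGINAL)
    stored_tag = tag(ORIGINAL, SECRET_KEY)
    # Someone altering the data can recompute the unkeyed hash, but not the keyed tag.
    forged_hash = fingerprint(TAMPERED)
    return {
        "original_hash_ok": hash_matches(ORIGINAL, stored_hash),
        "tampered_hash_detected": not hash_matches(TAMPERED, stored_hash),
        "tampered_with_forged_hash_passes_bare_hash": hash_matches(TAMPERED, forged_hash),
        "original_tag_ok": tag_matches(ORIGINAL, SECRET_KEY, stored_tag),
        "tampered_tag_detected": not tag_matches(TAMPERED, SECRET_KEY, stored_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```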
Availability
Availability ensures that data and systems are accessible when authorized users need them. It guarantees uptime, reliability, and continuity of services.
Availability controls include redundant systems (failover servers, RAID storage), backup and disaster recovery plans, load balancing (distributing traffic across multiple servers), and DDoS protection (mitigating attacks designed to overwhelm systems).
On the Security+ exam, availability is tested through disaster recovery concepts (RTO, RPO), business continuity planning, high availability architectures, and protecting against denial-of-service attacks.
- Redundancy eliminates single points of failure — use multiple servers, power supplies, network paths
- Backups and disaster recovery ensure data can be restored after an incident
- Load balancers distribute traffic to prevent overload
- DDoS protection and traffic filtering maintain service availability during attacks
Balancing the CIA Triad
In practice, security professionals must balance all three principles. Improving one often affects the others. For example, making data more available (easy to access) can reduce confidentiality. Strong encryption (improving confidentiality) can slow down systems, reducing availability.
The right balance depends on the organization's risk appetite, regulatory requirements, and business needs. A financial institution may prioritize integrity and confidentiality, while an e-commerce site may prioritize availability.
Exam Tip
The CIA Triad appears on nearly every Security+ exam. Know specific real-world examples: encryption = confidentiality, hashing = integrity, RAID/failover = availability. Be ready to identify which principle is affected by a given scenario.