Why the CIA Triad Is the New Standard For Information Security

Why the CIA Triad Is the New Standard For Information Security

September 22

How ironic that not even companies that specialize in security are impervious to security breaches. Anti-virus software maker BitDefender found this out firsthand when a set of customer usernames and passwords was exposed in plain text. The breach exemplifies how easily IT services can be compromised. It also highlights the importance of CIA.

Not to be confused with the government’s Central Intelligence Agency, the CIA Triad is increasingly being recognized as the de facto standard for strengthening the effectiveness and awareness of cyber security. It makes a lot of sense if you really dig into the letters, because the ideal security infrastructure is comprised of these fundamentals:


Confidentiality and privacy are one and the same. This facet of the security triangle focuses on keeping sensitive data away from unauthorized parties. A commitment to confidentiality means organizations in possession of vast amounts of information must adopt practices specifically built around safeguarding that information. It may very well call for a special training program that educate access-carrying employees across all departments on the best practices in password protection, social engineering, and other topics that are imperative to cyber security.

IT service providers have an abundance of valuable information at their disposal. Intellectual property. Credit card numbers. Personal information belonging to customers. Protecting sensitive data is vital to information security and satisfying strict compliance regulations.

When it comes to ensuring confidentiality, encryption is universally embraced as a reliable solution. Encryption is available in many forms, including the SSL protocol used to protect data transferred over the internet. Authentication is another method firms can rely on to secure information tucked behind login screens.


Integrity is all about ensuring the quality and consistency of data.

Ensuring integrity can be as simple as creating policies that dictate which users have access to certain information and who has what level of file privileges. A more extreme example might involve the measures a service provider takes to make sure the data on their systems is protected from instances such as crashes and power surges. Since sudden equipment failures can also compromise integrity, the concept of backing up becomes an essential measure that ensures fast and efficient recovery from unforgiving disasters.

Invalid, outdated, or otherwise obsolete information is essentially worthless. At the same time, any data that has been tampered with can be costly. Just imagine the chaos that might ensue if the usernames and passwords customers used to log in to your systems were intercepted. On the bright side, the cryptography technology that helps sure up confidentiality with encryption can bolster integrity as well. For instance, cryptographic hashes can be used to make sure information hasn’t been altered while traveling or resting in storage. IT security personnel can find checksum tools for both Windows and Unix-like systems to verify data integrity.


Availability is the CIA facet that arguably demands the most from an organization. In a nutshell, it entails the ongoing process of doing whatever is necessary to keep all hardware and software components up and running. For providers of IT solutions, that focus must also shift to connectivity. Strategic planning and resource allocation is called for in order to ensure that traffic and activity has minimal impact on websites and mission-critical applications. The goal of availability is to provide around-the-clock access to any resources clients need to tap into.

information security photo

If clients and IT staff can’t access your systems on demand, then the data residing on those systems has little to no value. Service providers should understand that bottlenecks aren’t the only threats to availability. The dreaded DDoS attack is a technique cyber villains commonly use to deny access to network resources. A comprehensive backup plan is essential to ensure availability through rain, sleet, or snow. Backups of critical data will make it possible to recover your IT systems. Having a functional off-site location on stand-by will prove handy in the event that your data center is compromised by disaster.

No matter what industry they service, all IT providers deal with their fair share of sensitive information. Cyber security threats are rapidly becoming more advanced, and seemingly having greater success at hitting their targets. In this world of big data and everything Internet, it’s time for businesses of all sizes to approach information security with a CIA mindset.