Confidentiality, Integrity, and Availability

Confidentiality, integrity, and availability comprise the CIA triad, a model used to guide the areas of focus for computer security. These three foundational objectives drive the development of policies, form the basis for information security plans, and are the principles for developing benchmarks to assess security.

Confidentiality ensures that only authorized users have access to data. Integrity means assuring that data remains in its intended state and is only edited by authorized personnel. Availability is defined as providing the right access to systems and data when and where needed. Together, the CIA triad provides a solid baseline for computer security.

There are two additional objectives that are often included in security evaluations and plans: authentication and nonrepudiation. Authentication is the process by which credentials are presented and validated to enable access. Nonrepudiation ensures authenticity such that the originator cannot deny identity.


For longer definitions, read:

The impact of breaches of any of the five is discussed in FIPS PUB 199 Standards for Security Categorization of Federal Information and Information Systems on pages 2–6.

Check Your Knowledge

Choose the best answer to each question:
Question 1
The CIA triad is a major concept for cybersecurity professionals. Which of the following parts of the triad defines availability?
prevention of unauthorized disclosure of sensitive data
prevention of unauthorized changes to systems and data
prevention of disruption of service and productivity
prevention of lawsuits from contractors and other parties
Question 2
The CIA triad concept that relates to appropriate access to sensitive information is which of the following?
Question 3
Hardware maintenance, redundancy, network communications, backups, and upgrades are significant to systems. Which of the following parts of the CIA triad is concerned with these tasks?
Question 4
Several security models relate to different components of the CIA triad. Which of the models below address the three goals of integrity?
The Clark–Wilson model
Biba model
Bell-­LaPadula security model
Lattice model
Question 5
Classification categories for access control are based on evaluation of sensitivity or criticality. The generalized format for expressing the security category, SC, of an information type is:
confidentiality, integrity, availability
confidentiality, integrity, assurance
confidentiality, integration, availability
confidentiality, integration, assurance
Question 6
Asymmetric key encryption, which uses public and private keys to encrypt and decrypt data, is advantageous due to which of the following:
confidentiality, authentication, non­repudiation
confidentiality, integration, availability
confidentiality, integrity, non­repudiation
confidentiality, integrity, authentication
Question 7
What are two of the main security goals of the CIA triad?
commercial and federal infrastructure
confidentiality and integrity
availability and refutability
analysis and development
Question 8
Which of the following part of the CIA triad defines integrity?
prevention of the use of private information
prevention of unauthorized changes to company data
prevention of destruction of physical services
prevention of litigation of users