The CIA Triad represents the three core objectives of information security. Every security control, policy, and tool is designed to protect one or more of these principles.
Confidentiality
Ensures that information is accessible only to those authorized to access it. Breaches occur through eavesdropping, credential theft, insecure storage, or weak encryption.
Integrity
Guarantees that data has not been altered without authorization and can be trusted. Man-in-the-middle attacks, SQL injection, and insider sabotage threaten integrity.
Availability
Ensures that systems and data are accessible when needed. DDoS attacks, ransomware, and hardware failures threaten availability.
Understanding how to balance these three principles is essential for designing secure systems.
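As an added illustration of the integrity principle above (not part of the original page), this Python sketch shows why a keyed tag detects alteration in transit when an unkeyed hash does not. The key, messages, and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample values for this illustration only.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"transfer amount=100 to=alice"
TAMPERED = b"transfer amount=9000 to=mallory"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone able to alter the message can recompute it."""
    return hashlib.sha256(message).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: producing a valid one requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest compares in constant time, avoiding a timing side channel.
    return hmac.compare_digest(make_tag(key, message), tag)


def run_scenarios() -> dict:
    """Return what the receiver accepts in each constructed scenario."""
    original_tag = make_tag(SHARED_KEY, ORIGINAL)
    return {
        # Unkeyed digest recomputed over the altered message still verifies.
        "sha256_altered_accepted": verify_digest(TAMPERED, plain_digest(TAMPERED)),
        # Untouched message with its HMAC tag verifies.
        "hmac_original_accepted": verify_tag(SHARED_KEY, ORIGINAL, original_tag),
        # Altered message with the old tag is rejected.
        "hmac_altered_old_tag_accepted": verify_tag(SHARED_KEY, TAMPERED, original_tag),
        # A tag recomputed without the shared key is rejected as well.
        "hmac_altered_wrong_key_accepted": verify_tag(
            SHARED_KEY, TAMPERED, make_tag(b"not-the-shared-key", TAMPERED)
        ),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {accepted}")
```

The unkeyed digest only catches accidental corruption; detecting unauthorized alteration requires a secret the altering party does not hold, which is also why the key itself needs confidentiality.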