Confidentiality, Integrity, Availability (CIA)


What is Confidentiality, Integrity, Availability (CIA)?

Confidentiality, integrity, and availability are the three core security objectives used to describe what information and systems must be protected against: unauthorized disclosure, unauthorized alteration, and unacceptable loss of access.

Examples

  • Encrypting sensitive customer data supports confidentiality by reducing the chance that unauthorized people can read it.
  • Digital signatures and hashing support integrity by helping detect unauthorized changes to files or messages.

Discover 🔎

Security is often described through three basic questions. Can the wrong person see the information? Can someone change it without permission? Can the right people still use it when they need it? Those three questions map directly to confidentiality, integrity, and availability.

The CIA model matters because it gives defenders a simple way to describe what is at risk. A breach may be mainly about exposure, corruption, downtime, or a mixture of all three. Once the objective is clear, it becomes much easier to decide which controls are appropriate and which business consequences matter most.

Remember: In this context, CIA does not refer to an intelligence agency. It refers to the three foundational security goals of information and service protection.

Summary 📝

Confidentiality, integrity, and availability are the three central security objectives used to describe what must be protected in systems and data. Together they provide a practical framework for understanding exposure, tampering, and downtime. Security planning becomes clearer and more useful when controls are tied back to these three objectives instead of being discussed in isolation.
