100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Python

The CIA Triad

Learn Confidentiality, Integrity, and Availability — the foundational model for reasoning about information security.

Introduction to CybersecurityBeginner9 min readJul 8, 2026
Analogies

Introduction

The CIA Triad — Confidentiality, Integrity, and Availability — is the foundational model used to evaluate and design information security. Nearly every security control, policy, or incident can be understood in terms of which of these three properties it protects or violates. Despite the name overlap, it has no relation to any intelligence agency; it is a purely conceptual framework.

🏏

Cricket analogy: Just as every cricket dismissal is scored as bowled, caught, or run-out, every security event can be classified as a breach of confidentiality, integrity, or availability, giving analysts a shared vocabulary the way scorecards give commentators one.

Explanation

Confidentiality means that information is accessible only to those authorized to see it. It is enforced through mechanisms like access controls, authentication, and encryption. Integrity means that data is accurate, complete, and has not been altered by unauthorized parties; it is protected through mechanisms like checksums, digital signatures, and version control. Availability means that systems and data are accessible to authorized users when needed; it is protected through redundancy, backups, and capacity planning to resist disruption. These three properties often exist in tension — for example, strong confidentiality controls (multiple authentication steps) can reduce availability (slower access), so security design involves balancing all three based on the value and sensitivity of the asset being protected.

🏏

Cricket analogy: Confidentiality is like a dressing room where only registered players and support staff can enter; integrity is the umpire's decision review system ensuring the scoreboard reflects what actually happened; availability is the stadium gates opening on time so ticket holders aren't locked out, and adding extra security checkpoints (like multi-factor entry) can slow the queue just as MFA slows login.

Example

text
Confidentiality violation:
  An attacker breaches a hospital database and downloads
  patient records without authorization.

Integrity violation:
  An attacker gains access to a grading system and
  changes their exam scores without detection.

Availability violation:
  An attacker floods a company's website with traffic
  (a denial-of-service attack), making it unreachable
  for legitimate customers.

Analysis

Each example maps to exactly one leg of the triad, but real incidents often touch more than one. A ransomware attack, for instance, typically violates availability (files are locked and inaccessible) and may also violate confidentiality (attackers exfiltrate data before encrypting it) and integrity (files may be corrupted). Security professionals use the CIA Triad as a diagnostic tool: when assessing risk or designing a control, they ask which of the three properties is at stake and prioritize controls accordingly. A financial ledger, for example, prioritizes integrity above all; a public news website prioritizes availability; a medical record prioritizes confidentiality.

🏏

Cricket analogy: A pitch invasion that damages the wicket and steals equipment from the dressing room hits availability (match delayed) and confidentiality (team strategy notes stolen) at once, just as ransomware often locks files and exfiltrates them simultaneously, so a financial ledger-like scorecard must prioritize integrity above all.

Key Takeaways

  • Confidentiality: only authorized parties can access information.
  • Integrity: data remains accurate and unaltered by unauthorized parties.
  • Availability: systems and data are accessible to authorized users when needed.
  • A single incident can violate more than one leg of the triad simultaneously.

Practice what you learned

Was this page helpful?

Topics covered

#Python#CyberSecurityFundamentalsStudyNotes#CyberSecurity#TheCIATriad#CIA#Triad#Explanation#Example#StudyNotes#SkillVeris