What is CIA (in Cybersecurity)?

No, we’re not talking about the Central Intelligence Agency.

Like other unfortunate acronyms out there in the world (one of our favorites is the WTF, aka the World Trade Federation), CIA can often mean a few things. Normally, yes, it does refer to the Central Intelligence Agency. But when it comes to cybersecurity, it means something entirely different.

In cybersecurity, CIA refers to the CIA triad — a concept that focuses on the balance between the confidentiality, integrity and availability of data under the protection of your information security program.

This concept has emerged over the past two decades as a key tenet for information security professionals because it helps direct effort, spending and hours when creating and optimizing a cybersecurity program and aligning it with the needs of the business.

Confidentiality

Keeping data secure

At its core, the tenet of confidentiality is about keeping what needs to be private, private. Government regulation, industry compliance requirements, expectations from your business partners and your company’s own business priorities all play a role in defining what data needs to be kept confidential.

Integrity

Keeping data clean

Integrity focuses on keeping data clean and untainted, both when it’s uploaded and when it’s stored. This means making sure only those who are allowed to modify it, modify it.
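One way to enforce both halves of that statement, shown as an added example that is not part of the original article: a keyed hash (HMAC-SHA256) is checked when data is uploaded and again when it is read back from storage, so a change made by anyone without the key is rejected or detected. The names `Store`, `tag`, `demo` and `WRITER_KEY` and the sample records are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key (assumption): shared by authorized writers and the store.
WRITER_KEY = b"constructed-demo-key-not-for-production"

def tag(record_id: str, data: bytes, key: bytes) -> str:
    """HMAC over record id + content, so a tag cannot be reused on another record."""
    msg = len(record_id).to_bytes(4, "big") + record_id.encode() + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Store:
    """Hypothetical in-memory store that checks integrity on upload and on read."""

    def __init__(self, key: bytes):
        self._key = key
        self._rows = {}  # record_id -> (data, tag)

    def upload(self, record_id: str, data: bytes, claimed_tag: str) -> bool:
        # Reject content altered in transit or sent by someone without the key.
        if not hmac.compare_digest(tag(record_id, data, self._key), claimed_tag):
            return False
        self._rows[record_id] = (data, claimed_tag)
        return True

    def read(self, record_id: str) -> bytes:
        # Re-verify at rest: a change made directly to storage is caught here.
        data, stored_tag = self._rows[record_id]
        if not hmac.compare_digest(tag(record_id, data, self._key), stored_tag):
            raise ValueError(f"integrity check failed for {record_id}")
        return data

def demo() -> dict:
    store = Store(WRITER_KEY)
    good = b"balance=100"
    t = tag("acct-1", good, WRITER_KEY)
    results = {
        "authorized_upload": store.upload("acct-1", good, t),
        "tampered_upload": store.upload("acct-2", b"balance=999", t),
    }
    # Simulate an out-of-band edit to stored data that bypasses upload().
    store._rows["acct-1"] = (b"balance=999", t)
    try:
        store.read("acct-1")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results
```

Because the store and the writers share one key here, the store itself could forge a tag; a digital signature would separate the right to modify from the ability to verify.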

Availability

Keeping data accessible

Availability essentially means that when an authorized user needs to access data or information, they can. It can sometimes be confused with or even seem to contradict confidentiality.