The CIA triad of information security gives us a reference for evaluating and implementing secure information systems, independently of the underlying technologies. Its three main objectives are Confidentiality, Integrity, and Availability. Each one has specific requirements and processes.

Confidentiality: ensures that only authorized users can use / access data or an information system. User identification and passwords, access control lists (ACLs) and policy-based security are some of the methods by which confidentiality is achieved.

Integrity: guarantees that the data or information system can be trusted. The data is modified only by authorized entities and remains in its original state during storage and transmission. Data encryption and hash algorithms are key processes to provide integrity.

Availability: data and information systems are available when the users need them. Hardware maintenance, software patching / updating and network optimization ensure availability.
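An added example (not part of the original page) for the Integrity definition above: an unkeyed hash detects changes only while the stored digest itself can be trusted, whereas a keyed hash (HMAC, a technique the page does not name) also ties the check to holders of a secret key, which is what "modified only by authorized entities" requires. The record, key, and function names are constructed for illustration.

```python
import hashlib
import hmac


def sha256_digest(data: bytes) -> str:
    """Unkeyed hash: anyone who can read the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only key holders can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256_digest(data), expected)


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(mac_tag(key, data), tag)


def demo() -> dict:
    key = b"constructed-demo-key"                    # constructed sample key
    record = b"account=1001;balance=250.00"          # constructed sample record
    digest, tag = sha256_digest(record), mac_tag(key, record)

    # Case 1: the record changes in storage or transit, check values untouched.
    corrupted = b"account=1001;balance=950.00"

    # Case 2: a party without the key rewrites the record and the check value.
    # The unkeyed digest can simply be recomputed; the tag cannot.
    rewritten = b"account=1001;balance=999.00"
    rewritten_digest = sha256_digest(rewritten)
    rewritten_tag = mac_tag(b"not-the-real-key", rewritten)

    return {
        "original_digest_ok": verify_digest(record, digest),
        "original_tag_ok": verify_tag(key, record, tag),
        "change_caught_by_digest": not verify_digest(corrupted, digest),
        "change_caught_by_tag": not verify_tag(key, corrupted, tag),
        "rewritten_digest_accepted": verify_digest(rewritten, rewritten_digest),
        "rewritten_tag_rejected": not verify_tag(key, rewritten, rewritten_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Every entry is True: both checks catch a changed record, but only the keyed tag still fails once the check value stored beside the data has been replaced as well.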

Although Donn B. Parker tried to add three more concepts in 1998 (the Parkerian hexad), everybody in the information security field continues to use the concept of the security triad.

More Info: www.doc.ic.ac.uk