CIA triad
CIA triad is a mnemonic for the three aims of information security: Confidentiality, Integrity and Availability.
=Confidentiality=
Confidentiality includes restricting access to information to those who are privileged to see it. Network sniffing is an example of a violation of confidentiality.
=Integrity=
Integrity is trust that can be placed in the information. Data integrity is having trust that the information has not been altered between its transmission and its reception. Source integrity is having trust that the sender of that information is who it is supposed to be. Data integrity can be compromised when information has been corrupted, willfully or accidentally, before it is read by its intended recipient. Source integrity is compromised when an agent spoofs its identity and supplies incorrect information to a recipient.
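The difference between data integrity and source integrity can be seen by comparing an unkeyed digest with a keyed MAC. The following Python sketch is an added example, not part of the original page; the key, the messages and the function names are constructed for illustration, and it assumes sender and recipient already share a secret key.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the page).
SHARED_KEY = b"constructed-demo-key-known-to-sender-and-recipient"
ORIGINAL = b"transfer 100 to account 12345"


def digest_tag(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(digest_tag(message), tag)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def scenarios() -> dict:
    """Run the recipient's checks against received (message, tag) pairs."""
    corrupted = b"transfer 900 to account 12345"  # altered after the tag was made
    spoofed = b"transfer 100 to account 99999"    # written by an agent without the key
    return {
        # Data integrity: both checks notice a message altered in transit.
        "digest_detects_corruption": not verify_digest(corrupted, digest_tag(ORIGINAL)),
        "mac_detects_corruption": not verify_mac(SHARED_KEY, corrupted, mac_tag(SHARED_KEY, ORIGINAL)),
        # Source integrity: the spoofing agent computes a fresh tag for its own message.
        # The unkeyed digest verifies, so it says nothing about who sent it.
        "digest_accepts_spoofed_source": verify_digest(spoofed, digest_tag(spoofed)),
        # Without the shared key the agent cannot produce a valid HMAC tag.
        "mac_rejects_spoofed_source": not verify_mac(SHARED_KEY, spoofed, mac_tag(b"guessed-key", spoofed)),
        # The legitimate sender's message verifies.
        "mac_accepts_genuine": verify_mac(SHARED_KEY, ORIGINAL, mac_tag(SHARED_KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

A shared-key MAC gives the recipient source integrity but not non-repudiation, because the recipient holds the same key and could have produced the tag itself.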
=Availability=
Availability means that information or resources are available when required. Most often this means that the resources are available at a rate which is fast enough for the wider system to perform its task as intended. It is certainly possible that confidentiality and integrity are protected, but an attacker causes resources to become less available than required, or not available at all. See Denial of Service.
=Accountability=
Accountability, a fourth component, is synonymous with non-repudiation. The non-repudiation of receipt of information means that an agent can't deny receiving information. This can prevent an online vendor from being obliged to ship replacement goods to a malicious customer who denies receiving the original items. The non-repudiation of sourcing information means that an agent can't deny sending information. This prevents an agent from anonymously sending spoofed emails with malicious intent, for example. Often there are wider laws and regulations governing the requirements for accountability.