The CIA Triad (Not that CIA)

No, these are not people trying to put chips into your bloodstream! (Gurh!)

The CIA Triad is actually a model that we use to communicate effectively, core bottom line cyber security concepts to people who aren’t cyber security experts. The CIA in this case stands for Confidentiality, Integrity, and Availability.

These are 3 attributes that we want all our data, and our interaction with data, to have.

Confidentiality means that we’re making sure that there are restrictions on who’s authorized to actually access, see and work with data, personal privacy.

Integrity means we want to make sure that the data is what we think it is. In other words, we don’t want the data to be inappropriately modified or destroyed.

And the third is Availability. When we need the data, it’s there.

All of the strategies we’re talking about, and a lot of the compliance standards NIST, CMMC, all that kind of fun stuff, are really just strategies for us to make sure that the CIA is there for us.

(Not that CIA!)

So next time you’re talking to somebody about cybersecurity, and there’s a skills gap, whether they’re over-skilled or you’re over-skilled, use the CIA triad, because it actually allows you to bridge those differences.

Which is really important. We all have to be on the same page here.