Background

The so-called triad of Confidentiality, Integrity, and Availability (CIA, conveniently) is a staple of security folklore. Pretty much any security practitioner you encounter will bring this out at some point, although there’s no precisely worded explanation of the thinking behind it.

The general principle is that security is about preventing people who shouldn’t see specific bits of information from seeing them (confidentiality), preventing information from being changed when we didn’t want it to be changed (integrity), and making sure that information and services are accessible when they’re needed (availability). The implication ...