IMHO it's worth giving uber-concise definitions of the CIA Triad definitions:

Confidentiality: Only those who should have access, do.

Integrity: Data is what it should be, and chaged only by those with authority

Availability: Systems and Data should be accessible and useful

It's also an interesting side-note how many "CIA+" standards you will see from various security professionals, including:

CIAP: adds "Privacy" which is, you know, confidentiality

CIAA: Adds "Auditing" which is a useful addition. "Transactions and administrative activities should be logged"

CIAO: See you later.



BMoe (Brad Moore)

BMoe (Brad Moore)


Crappy writer with good information. I’m here to inform and protect through better management and improved technology