54. What is the Concept of Confidentiality, Integrity, and Availability (CIA) and why are information security policies so important, and do you offer comprehensive I.T. security documentation?

Confidentiality, Integrity, and Availability (CIA) – also known as the CIA triad – is one of the guiding principles and concepts within information security expressed in the following manner:

  • Confidentiality: Preventing the disclosure of information to unauthorized individuals and/or systems.
  • Integrity: Ensuring that information cannot be modified undetectably, such as guarding against improper information modification or destruction.
  • Availability: Ensuring that information is available as needed, which consists of timely and reliable access.

A common example of “Confidentiality” would be an online transaction conducted over a secure channel, such as HTTPS, whereby information is encrypted in transit over port 443. As for “Integrity”, an example would be the trustworthiness of customer financial account information (e.g., bank accounts, personal information) held by a bank for conducting daily operational transactions. As for “Availability”, this could pertain to a bank’s customer-facing web servers that host the online banking portal, which customers can access at any time of the day. The CIA triad is without question one of the most well-known and understood concepts in all of information security, and though there are slight differences in the interpretation of each term, there’s almost unanimous agreement on the overarching themes of “Confidentiality”, “Integrity”, and “Availability”.

There’s also been a movement by some within the information security industry to change and modify the CIA triad over the years, but to this day, it’s stood the test of time and continues to be a highly respected and well-established principle.

Information Security Policies | A Vital Component of CIA

All organizations should strive to abide by the CIA principles; however, doing so requires implementing a comprehensive framework for information security, one that utilizes industry-leading tools, protocols, and best practices. Documented information security policies and procedures are one of the most critical initiatives for meeting the CIA principles, and the FLANK21 set of documents from flank.org is the perfect place for obtaining such material.

With literally hundreds of operational, business specific, and information security policies, procedures, forms, checklists, templates, provisioning and hardening documents – and more – FLANK is the industry leader for all your enterprise-wide documentation needs.


The guiding principles of CIA remain, to this day, among the best-known provisions within information security, and documented policies and procedures – such as those offered by FLANK – play an important role in adhering to Confidentiality, Integrity, and Availability.