--Originally published at Intervention IT
Today I want to talk about something called the Triad CIA, which are the tree main goals of security.
Each one of them, Confidentiality, Integrity, and Availability are not the same and can cause some confusion. But fear not, I am here in order to explain in the easiest way the main differences.
Confidentiality
First of all is Confidentiality, this is probably the first one to come in your mind when talking about security. It is just to protect your stuff from unauthorized disclosure, I means that none should be able to see your secrets without your consent.
You could think: that’s it! Everything in security is confidential so why you talk about the other tree? Well, it is not entirely true. You can have security with little confidentiality. Just think about a web page with just information about a touristic place. It has nothing else than information and anyone can see it, so: why is it secure with little to no confidentiality? I can respond this with the following concept.
Integrity
Integrity is a wat that we protect an asset from unauthorized changes. Or in other words, only certain people are permitted to modify the data. We can see how in my previous example of the information only web can be secure if its integrity is preserved, it means that we can implement methods to ensure that only the administrators can change the web.
Availability
Another goal, it means that security must try to accomplish a data accessible and reliable. In my previous example, it means that the web should be up as often as possible. This is the easiest of the three goals to understand, but maybe the hardest because of the trade-offs implied. Just think about
Every Security system implemented has this three goals in mind, but cannot satisfy all three of them completely. You must analyze which system fulfills better your needs in order to become secure.
