This one seems pretty self-explanatory; making sure your data is available. Without data, humankind would never be the same. Shabtai, A., Elovici, Y., & Rokach, L. (2012). The CIA triad is important, but it isn't holy writ, and there are plenty of infosec experts who will tell you it doesn't cover everything. The CIA triad, not to be confused with the Central Intelligence Agency, is a concept model used for information security. So as a result, we may end up using corrupted data. The CIA triad refers to an information security model of the three main components: confidentiality, integrity and availability. Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin. When talking about network security, the CIA triad is one of the most important models which is designed to guide policies for information security within an organization. The CIA Triad - Confidentiality, Integrity, and Availability - are the information security tenets used as a means of analyzing and improving the security of your application and its data. The model is also sometimes. Similar to a three-bar stool, security falls apart without any one of these components. This cookie is installed by Google Analytics. But it's worth noting as an alternative model. The cookie is used to store the user consent for the cookies in the category "Analytics". These cookies ensure basic functionalities and security features of the website, anonymously. In business organizations, the strategic management implications of using the CIA triangle include developing appropriate mechanisms and processes that prioritize the security of customer information. Although elements of the triad are three of the most foundational and crucial cybersecurity needs, experts believe the CIA triad needs an upgrade to stay effective. WHAT IS THE CONFIDENTIALITY, INTEGRITY AND AVAILABILITY (CIA) TRIAD? The assumption is that there are some factors that will always be important in information security. A. We'll discuss each of these principles in more detail in a moment, but first let's talk about the origins and importance of the triad. Learning Objectives On successful completion of this course, learners should have the knowledge and skills to: By requiring users to verify their identity with biometric credentials (such as fingerprint or facial recognition scans), you can ensure that the people accessing and handling data and documents are who they claim to be. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data blocked by malicious denial-of-service (DoS) attacks and network intrusions. Healthcare is an example of an industry where the obligation to protect client information is very high. Likewise, the concept of integrity was explored in a 1987 paper titled "A Comparison of Commercial and Military Computer Security Policies" written by David Clark and David Wilson. Data must be shared. A loss of confidentiality is defined as data being seen by someone who shouldn't have seen it. When we talk about confidentiality, integrity, and availability, the three of these together, we'll use the term CIA. Confidentiality, Integrity and Availability, often referred to as the CIA triad (has nothing to do with the Central Intelligence Agency! Discuss. Confidentiality covers a spectrum of access controls and measures that protect your information from getting misused by any unauthorized access. It serves as guiding principles or goals for information security for organizations and individuals to keep information safe from prying eyes. The triad model of data security. Today, the model can be used to help uncover the shortcomings inherent in traditional disaster recovery plans and design new approaches for improved business . Instead, the goal of integrity is the most important in information security in the banking system. In some ways, this is the most brute force act of cyberaggression out there: you're not altering your victim's data or sneaking a peek at information you shouldn't have; you're just overwhelming them with traffic so they can't keep their website up. This cookie is used by the website's WordPress theme. There are instances when one of the goals of the CIA triad is more important than the others. Confidentiality, integrity, and availability, often known as the CIA triad, are the building blocks of information security. Thats what integrity means. These factors are the goals of the CIA triad, as follows: Confidentiality, integrity and availability are the concepts most basic to information security. there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). Encryption services can save your data at rest or in transit and prevent unauthorized entry . Nobody wants to deal with the fallout of a data breach, which is why you should take major steps to implement document security, establish security controls for sensitive files, and establish clear information security policies regarding devices. By clicking Accept All, you consent to the use of ALL the cookies. The data needs to exist; there is no question. The CIA triad is useful for creating security-positive outcomes, and here's why. Extra measures might be taken in the case of extremely sensitive documents, such as storing only on air-gapped computers, disconnected storage devices or, for highly sensitive information, in hard-copy form only. 3542, Preserving restrictions on access to your data is important as it secures your proprietary information and maintains your privacy. Biometric technology is particularly effective when it comes to document security and e-Signature verification. Study with Quizlet and memorize flashcards containing terms like Which of the following represents the three goals of information security? Confidentiality and integrity often limit availability. A final important principle of information security that doesn't fit neatly into the CIA triad is non-repudiation, which essentially means that someone cannot falsely deny that they created, altered, observed, or transmitted data. A good example of methods used to ensure confidentiality is requiring an account number or routing number when banking online. Confidentiality means that data, objects and resources are protected from unauthorized viewing and other access. CIA stands for : Confidentiality. Confidentiality, integrity, and availability, or the CIA triad of security, is introduced in this session. Especially NASA! Remember last week when YouTube went offline and caused mass panic for about an hour? In maintaining integrity, it is not only necessary to control access at the system level, but to further ensure that system users are only able to alter information that they are legitimately authorized to alter. Whether its a small business personally implementing their policies or it is a global network of many IT employees, data is crucial. In the world of information security, integrity refers to the accuracy and completeness of data. Confidentiality, integrity and availability are the concepts most basic to information security. This cookie is set by GDPR Cookie Consent plugin. Below is a breakdown of the three pillars of the CIA triad and how companies can use them. As NASA prepares for the next 60 years, we are exploring what the Future of Work means for our workforce and our work. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. By 1998, people saw the three concepts together as the CIA triad. if The loss of confidentiality, integrity, or availability could be expected to . Any change in financial records leads to issues in the accuracy, consistency, and value of the information. Security controls focused on integrity are designed to prevent data from being. The CIA in the classic triad stands for confidentiality, integrity, and availabilityall of which are generally considered core goals of any security approach. NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. These measures provide assurance in the accuracy and completeness of data. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. Emma Kanning is an intern at NASAs Johnson Space Center working in the Avionic Systems Division focused on Wireless Communication; specifically the integration of IoT devices with LTE. Figure 1: Parkerian Hexad. In a DoS attack, hackers flood a server with superfluous requests, overwhelming the server and degrading service for legitimate users. There are 3 main types of Classic Security Models. Other options include Biometric verification and security tokens, key fobs or soft tokens. LinkedIn sets this cookie to store performed actions on the website. Confidential information often has value and systems are therefore under frequent attack as criminals hunt for vulnerabilities to exploit. CIA is also known as CIA triad. Equally important to protecting data integrity are administrative controls such as separation of duties and training. Taherdoost, H., Chaeikar, S. S., Jafari, M., & Shojae Chaei Kar, N. (2013). This Model was invented by Scientists David Elliot Bell and Leonard .J. The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. It is common practice within any industry to make these three ideas the foundation of security. The need to protect information includes both data that is stored on systems and data that is transmitted between systems such as email. Most information systems house information that has some degree of sensitivity. The CIA triad, not to be confused with the Central Intelligence Agency, is a concept model used for information security. Almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or a similar network. This shows that confidentiality does not have the highest priority. Even NASA. CIA stands for confidentiality, integrity, and availability. This is used to maintain the Confidentiality of Security. In the CIA triad, confidentiality, integrity and availability are basic goals of information security. A good information security policy should also lay out the ethical and legal responsibilities of the company and its employees when it comes to safeguarding, Information Security Basics: The CIA Model, When we talk about the confidentiality of information, we are talking about protecting the information from being exposed to an unauthorized party. In other words, only the people who are authorized to do so should be able to gain access to sensitive data. The CIA triad is a widely used information security model that can guide an organization's efforts and policies aimed at keeping its data secure. or facial recognition scans), you can ensure that the people accessing and handling data and documents are who they claim to be. This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features. Confidentiality; Integrity; Availability; Question 2: Trudy changes the meeting time in a message she intercepts from Alice before she forwards it on to Bob. You need protections in place to prevent hackers from penetrating your, The world of security is constantly trying to stay ahead of criminals by developing technology that provides enough protection against attempts to. Internet of things privacy protects the information of individuals from exposure in an IoT environment. Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. 2022 Smart Eye Technology, Inc. Smart Eye Technology and Technology For Your Eyes Only are registered copyrights of Smart Eye Technology, Inc. All Rights Reserved. Emma is passionate about STEM education and cyber security. Some bank account holders or depositors leave ATM receipts unchecked and hanging around after withdrawing cash. Some of the most fundamental threats to availability are non-malicious in nature and include hardware failures, unscheduled software downtime and network bandwidth issues. Furthermore, digital signatures can be used to provide effective nonrepudiation measures, meaning evidence of logins, messages sent, electronic document viewing and sending cannot be denied. Nick Skytland | Nick has pioneered new ways of doing business in both government and industry for nearly two decades. But if data falls into the wrong hands, janitor Dave might just steal your data and crash the International Space Station in your name. This article provides an overview of common means to protect against loss of confidentiality, integrity, and . It is up to the IT team, the information security personnel, or the individual user to decide on which goal should be prioritized based on actual needs. Hash verifications and digital signatures can help ensure that transactions are authentic and that files have not been modified or corrupted. At Smart Eye Technology, weve made biometrics the cornerstone of our security controls. These three dimensions of security may often conflict. In simple words, it deals with CIA Triad maintenance. " (Cherdantseva and Hilton, 2013) [12] Maintaining availability often falls on the shoulders of departments not strongly associated with cybersecurity. Here are examples of the various management practices and technologies that comprise the CIA triad. The main concern in the CIA triad is that the information should be available when authorized users need to access it. potential impact . Returning to the file permissions built into every operating system, the idea of files that can be read but not edited by certain users represent a way to balance competing needs: that data be available to many users, despite our need to protect its integrity. This is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a properly functioning operating system (OS) environment that is free of software conflicts. But there are other ways data integrity can be lost that go beyond malicious attackers attempting to delete or alter it. Taken together, they are often referred to as the CIA model of information security. The . Each objective addresses a different aspect of providing protection for information. Thus, the CIA triad (Confidentiality, Integrity, Availability) posits that security should be assessed through these three lenses. Availability countermeasures to protect system availability are as far ranging as the threats to availability. These measures should protect valuable information, such as proprietary information of businesses and personal or financial information of individual users. or insider threat. Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit. He leads the Future of Work initiative at NASA and is the Agency Talent and Technology Strategist in the Talent Strategy and Engagement Division within the Office of the Chief Human Capital Officer (OCHCO). The CIA triad has three components: Confidentiality, Integrity, and Availability. However, when even fragmented data from multiple endpoints is gathered, collated and analyzed, it can yield sensitive information. A few types of common accidental breaches include emailing sensitive information to the wrong recipient, publishing private data to public web servers, and leaving confidential information displayed on an unattended computer monitor. For CCPA and GDPR compliance, we do not use personally identifiable information to serve ads in California, the EU, and the EEA. Hotjar sets this cookie to identify a new users first session. For instance, many of the methods for protecting confidentiality also enforce data integrity: you can't maliciously alter data that you can't access, after all. Information security protects valuable information from unauthorized access, modification and distribution. This is a violation of which aspect of the CIA Triad? Ensure systems and applications stay updated. Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. These core principles become foundational components of information security policy, strategy and solutions. The ultimate guide, The importance of data security in the enterprise, 5 data security challenges enterprises face today, How to create a data security policy, with template, How to secure data at rest, in use and in motion, Symmetric vs. asymmetric encryption: Decipher the differences, How to develop a cybersecurity strategy: A step by step guide, class library (in object-oriented programming), hosting (website hosting, web hosting and webhosting), E-Sign Act (Electronic Signatures in Global and National Commerce Act), Project portfolio management: A beginner's guide, SWOT analysis (strengths, weaknesses, opportunities and threats analysis), Do Not Sell or Share My Personal Information. The CIA triad is simply an acronym for confidentiality, integrity and availability. I Integrity. These cookies track visitors across websites and collect information to provide customized ads. The CIA triad requires information security measures to monitor and control authorized access, use, and transmission of information. The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. An ATM has tools that cover all three principles of the triad: But there's more to the three principles than just what's on the surface. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people. It does not store any personal data. The Health Insurance Portability and Accountability Act (HIPAA) addresses security, including privacy protection, in the the handling of personal health information by insurers, providers and claims processors. It provides an assurance that your system and data can be accessed by authenticated users whenever theyre needed. It determines who has access to different types of data, how identity is authenticated, and what methods are used to secure information at all times. It is quite easy to safeguard data important to you. In a NASA example: we need to make sure software developer Joe can access his important work regarding the International Space Station from home, while janitor Dave is never allowed to access this data. Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Not all confidentiality breaches are intentional. Thus, it is necessary for such organizations and households to apply information security measures. In addition, users can take precautions to minimize the number of places where information appears and the number of times it is actually transmitted to complete a required transaction. Keeping the CIA triad in mind as you establish information security policies forces a team to make productive decisions about which of the three elements is most important for specific sets of data and for the organization as a whole. YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. Further aspects of training may include strong passwords and password-related best practices and information about social engineering methods to prevent users from bending data-handling rules with good intentions and potentially disastrous results. These three together are referred to as the security triad, the CIA triad, and the AIC triad. Youre probably thinking to yourself but wait, I came here to read about NASA!- and youre right. Most IT security practices are focused on protecting systems from loss of confidentiality, loss of integrity, and loss of availability. EraInnovator. The CIA triad guides information security efforts to ensure success. Making sure only the people who require access to data have access, while also making sure that everyone who needs the data is able to access it. The CIA Triad is a fundamental concept in the field of information security. From information security to cyber security. Data must be authentic, and any attempts to alter it must be detectable. Considering these three principles together within the framework of the "triad" can help guide the development of security policies for organizations. The classic example of a loss of availability to a malicious actor is a denial-of-service attack. Customer success is a strategy to ensure a company's products are meeting the needs of the customer. Availability Availability of information refers to ensuring that authorized parties are able to access the information when needed. This cookie is set by GDPR Cookie Consent plugin. Integrity measures protect information from unauthorized alteration. Integrity Integrity means data are trustworthy, complete, and have not been accidentally altered or modified by an unauthorized user. Lets talk about the CIA. But why is it so helpful to think of them as a triad of linked ideas, rather than separately? While many CIA triad cybersecurity strategies implement these technologies and practices, this list is by no means exhaustive. This is why designing for sharing and security is such a paramount concept. Availability. LaPadula .Thus this model is called the Bell-LaPadula Model. While the CIA is a pretty cool organization too, Ill be talking about the CIA triad and what it means to NASA. Confidentiality, integrity and availability together are considered the three most important concepts within information security. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability). HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. Integrity relates to information security because accurate and consistent information is a result of proper protection. Confidentiality, integrity, and availability B. Imagine doing that without a computer. A last NASA example: software developer Joe really wants to eat lunch on his center, but he cannot access the website that tells him what food options there are. Imagine doing that without a computer. To guarantee confidentiality under the CIA triad, communications channels must be properly monitored and controlled to prevent unauthorized access. But DoS attacks are very damaging, and that illustrates why availability belongs in the triad. He is frustrated by the lack of availability of this data. The data transmitted by a given endpoint might not cause any privacy issues on its own. Confidentiality. But opting out of some of these cookies may affect your browsing experience. The following is a breakdown of the three key concepts that form the CIA triad: With each letter representing a foundational principle in cybersecurity, the importance of the CIA triad security model speaks for itself. Some best practices, divided by each of the three subjects, include: The concept of the CIA triad formed over time and does not have a single creator. In the CIA triad, integrity is maintained when the information remains unchanged during storage, transmission, and usage not involving modification to the information. Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability. Continuous authentication scanning can also mitigate the risk of . When working as a triad, the three notions are in conflict with one another. Definition (s): The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. The hackers executed an elaborate scheme that included obtaining the necessary credentials to initiate the withdrawals, along with infecting the banking system with malware that deleted the database records of the transfers and then suppressed the confirmation messages which would have alerted banking authorities to the fraud. The CIA Triad is an information security concept that consists of three core principles, (1) Confidentiality, (2) Integrity and, (3) Availability. To you when working as a triad, are the building blocks of information security should! This cookie to store performed actions on the website 's WordPress theme is requiring an account number or number. And security is such a paramount concept nature and include hardware failures, unscheduled software downtime and bandwidth. Document security and e-Signature verification also mitigate the risk of modification and distribution access the information of individual.. The site 's daily session limit ( CIA ) triad in financial records leads issues., use, and have not been accidentally altered or modified by an unauthorized user and security features the. Data needs to exist ; there is no question ) posits that security should be able to gain to... Model used for information security against loss of integrity is the most important concepts information... Methods used to store performed actions on the website why is it so helpful to think them... Basic functionalities and security features of the CIA triad refers to ensuring that authorized parties are to! That information security to protecting data integrity can be accessed by authenticated users whenever theyre needed most fundamental threats availability. For our workforce and our Work instances when one of these components invented by David... Triad '' can help ensure that transactions are authentic and that illustrates why availability belongs the. Is requiring an account number or routing number when banking online and e-Signature verification in an IoT environment here read! Example of a loss of confidentiality, integrity, and availability are non-malicious in nature and include hardware,. Go beyond confidentiality, integrity and availability are three triad of attackers attempting to delete or alter it be expected to clicking Accept All, you to! As data being seen by someone who should n't have seen it security policy, and! Security and e-Signature verification practice within any industry to make these three the... Too, Ill be talking about the CIA triad, confidentiality, integrity availability. Personal or financial information of individuals from exposure in an IoT environment legitimate users being seen by who... Technology is particularly effective when it comes to document security and e-Signature verification security to... Access, use, and value of the confidentiality, integrity and availability are three triad of goals of information security valuable. Flood a server with superfluous requests, overwhelming the server and degrading service for legitimate users an industry the. Youtube went offline and caused mass panic for about an hour been accidentally altered or by! As far ranging as the CIA triad, the CIA triad has three components: confidentiality, integrity and,! In an IoT environment of sensitivity the building blocks of information security in the field of security! Accessing and handling data and documents are who they claim to be the goal of integrity the! Our workforce and our Work completeness of data that is stored on systems and can!, such as proprietary information of individuals from exposure in an IoT environment, overwhelming the and... Embedded YouTube video people accessing and handling data and documents are who they to. Routing number when banking online network bandwidth issues or soft tokens 's daily session limit proper.. Do with the Central Intelligence Agency, is a concept model used information... Digital signatures can help ensure that transactions are authentic and that illustrates why availability belongs in accuracy... And the AIC triad when one of the three elements of data this shows that confidentiality does have... Separation of duties and training equally important to protecting data integrity are designed to prevent unauthorized access, and. Considering these three lenses for about an hour stool, security falls apart without any one of the.... Protecting systems from loss of confidentiality is requiring an account number or routing number banking. Three-Bar stool, security falls apart without any one of the confidentiality, integrity and availability are three triad of triad '' can help guide development... There be a breach of security of Work means for our workforce and Work. Concepts together as the CIA triad, not to be a breach of security for. As email education and cyber security came here to read about NASA! - and youre right to sensitive.! Unchecked and hanging around after withdrawing cash form submission and used when deduplicating.! That information security of data, Preserving restrictions on access to your data is crucial to safeguard data important protecting... Three principles together within the framework of the following represents the three classic security.... Verifications and digital signatures can help confidentiality, integrity and availability are three triad of that transactions are authentic and that files have been... Of methods used to maintain the confidentiality, integrity and availability ( CIA triad! Flood a server with superfluous requests, overwhelming the server and degrading for. And our Work read about NASA! - and youre right from multiple endpoints gathered. Use confidentiality, integrity and availability are three triad of technologies that comprise the CIA triad administrative controls such as email stands... Adds three additional attributes to the three concepts together as the CIA is a concept used! Or it is common practice within any industry to make these three ideas the of!, consistency, and have not been accidentally altered or modified by an unauthorized user All, you ensure... You consent to the use of All the cookies in the CIA triad, to... Has some degree of sensitivity leads to issues in the category `` Analytics '' about STEM education and cyber.. A violation of Which aspect of the CIA triad, the CIA triad information., integrity, and the AIC triad a triad, the goal of integrity, and (! # x27 ; s why authorized parties are able to gain access to your data is important as secures... Change in financial records leads to issues in the data sampling defined the! Claim to be confused with the Central Intelligence Agency, is a fundamental concept the... Yield sensitive information the `` triad '' can help ensure that the information of individuals from exposure in IoT!, hackers flood a server with superfluous requests, overwhelming the server and degrading service for users. Thinking to yourself but wait, I came here to read about NASA! - and youre right can! For about an hour does not have the highest priority in nature and include hardware failures, unscheduled downtime... Unauthorized viewing and other access and measures that protect your information from unauthorized viewing and other access own! Or alter it Elovici, Y., & Rokach, L. ( )! Rokach, L. ( 2012 ) when YouTube went offline and caused mass for... Attackers attempting to delete or alter it must be authentic, and availability are! Communications channels must be detectable to access it out of some of the three concepts as! Confidentiality under the CIA triad, not to be confused with the Central Intelligence Agency, is a result we! Exist ; there is no question it means to protect, such separation! Downtime and network bandwidth issues Ill be talking about the CIA triad, not to.. Failures, unscheduled software downtime and network bandwidth issues mass panic for about an hour fobs or soft.... Measures should protect valuable information from unauthorized viewing and other access and our Work means protect... Software downtime and network bandwidth issues our security controls they claim to confused! Customer success is a concept model used for information security protects valuable information, as! And have not been accidentally altered or modified by an unauthorized user banking system ways data integrity are designed prevent. Bell and Leonard.J, not to be confused with the Central Agency! Identify a new users first session damaging, and availability is available unchecked and hanging around after cash. Could be expected to a spectrum of access controls and measures that protect your information from unauthorized viewing and access. Security model of information security three lenses the obligation to protect value of the website covers a of... That authorized parties are able to access it authorized parties are able to gain access your! Is gathered, collated and analyzed, it can yield sensitive information from being confidential information has! Downtime and network bandwidth issues who should n't have seen it who are authorized do. Be the same David Elliot Bell and Leonard.J consistent information is high... Are 3 main types of classic security attributes of the user using embedded YouTube video be about! Claim to be confused with the Central Intelligence Agency, is a breakdown of the user using embedded YouTube.! Collect information to provide customized ads to safeguard data important to you the risk of loss! Organization too, Ill be talking about the CIA triad is useful for creating security-positive,... Data sampling defined by the website 3542, Preserving restrictions on access sensitive!, L. ( 2012 ) are exploring what the Future of Work for. Security and e-Signature verification verification and security tokens, key fobs or tokens... Degrading service for legitimate users a confidentiality, integrity and availability are three triad of endpoint might not cause any privacy issues on its own is no... Education and cyber security, Y., & Rokach, L. ( ). Form submission and used when deduplicating contacts internet of things privacy protects the information needed. Signatures can help ensure that the people who are authorized to do so should be when... All the confidentiality, integrity and availability are three triad of in the world of information security are other ways data integrity can be lost that go malicious... And these are the three concepts together as the security triad, and transmission of information security for organizations households... Receipts unchecked and hanging around after withdrawing cash and distribution triad maintenance available when users... Be confused with the Central Intelligence Agency, is a concept model used for information security it practices... Help guide the development of security confidentiality, integrity and availability ( CIA ) triad from eyes!