Cybersecurity awareness

Chapter 1.2

The CIA triad, impacts and awareness


The CIA (Confidentiality/Integrity/Availability) triad is a model used to assess the security of information and IT systems. It focuses on the three key aspects of data security:

  • Confidentiality: This refers to the protection of confidential and sensitive data against unauthorised disclosure to third parties. The level of confidentiality can be measured in terms of the financial or reputational impact on a company if data is disclosed to the public.
  • Integrity: This refers to the protection of data against unauthorised modifications. The level of integrity can be measured in terms of the cost of an error or mistaken modification of the data.
  • Availability: This refers to users’ ability to access data and computer systems when needed. The level of availability can be measured in terms of the costs associated with an interruption or failure of IT systems.

The CIA triad helps organisations understand their IT security risks and address them accordingly to ensure that critical data is protected appropriately.

Some questions to ask yourself:

  • Confidentiality: What would be the impact, as a percentage of your turnover, if your confidential data were disclosed to the public?
  • Integrity: What would be the extent of the damage if data were modified? (Example calculation: What would be the damage if invoices could no longer be sent?)
  • Availability: What would be the financial impact if your data were no longer accessible? (Example calculation: number of employees at time of shutdown × number of hours × hourly wage.)

2023 © Trust Valley. All rights reserved.