Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
Understanding the CIA Triad: A Beginner’s Reflection on Security Fundamentals
CIA Triad: The Three Core Pillars of Information Security
I’m still quite new to security. As I read and explore more, I’m starting to see that while the fundamentals aren’t necessarily complicated, they definitely require careful thinking.
This post is more like a personal note — something I’m writing down to help myself understand better, and maybe it’ll also help someone else who’s learning, just like me.
It’s not meant to be overly academic or authoritative. Just sharing what I’ve understood so far.
Confidentiality
Goal: Ensuring that only authorized people can access specific information.
Confidentiality is probably the first thing most people think of when they hear “security.” It’s about protecting sensitive data — personal information, customer records, financial documents, intellectual property — from falling into the wrong hands.
At first, I thought of this as something simple, but now I see how small oversights (like a misconfigured access setting or an email sent to the wrong person) can easily become a serious issue.
Examples of implementation:
- Access controls (who can access what)
- Data encryption (e.g., using AES)
- Multi-factor authentication (MFA)
- Role-based permissions (especially in databases)
Examples of confidentiality breaches:
- Sending payroll data to the wrong recipient
- An exposed, unencrypted database
- Accidentally making a private cloud folder public
Confidentiality is really about being able to answer one basic question:
“Can the right people access the data, and are the wrong people blocked from it?”
Integrity
Goal: Making sure data remains accurate, complete, and unaltered.
This is one I didn’t fully appreciate at first — but it’s a big deal. Integrity is about ensuring that information hasn’t been tampered with in any way, either accidentally or intentionally. If data has been modified without authorization, it becomes untrustworthy.
Think of a transaction record that’s been changed, or a file that’s had malicious code inserted without anyone noticing.
Examples of implementation:
- Hashing (e.g., SHA-256) to verify that data hasn't changed since its digest was recorded
- Digital signatures
- Version control systems (like Git)
- Securing log files against tampering
Examples of integrity violations:
- Editing the amount on an invoice
- Injecting malicious code into a software file
- Deleting or modifying system logs to hide activity
Integrity is all about trust — if the data isn’t what it’s supposed to be, then everything built on it becomes questionable.
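As an added example (not from the original post), here is a small hash-chained audit log in Python that ties the hashing bullet and the log-tampering bullets above together: each entry gets an HMAC-SHA-256 tag over the entry plus the previous entry's tag, so a keyed hash stands in for the digital-signature step. The events, the key and the field names are constructed for the demo, and the run at the end walks through the two integrity violations listed above (an edited invoice amount, a deleted log entry).

```python
import hashlib
import hmac
import json

# Constructed sample audit events (not from the original post).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2024-01-01T10:05:00Z", "user": "alice", "action": "invoice", "amount": 100},
    {"ts": "2024-01-01T10:07:00Z", "user": "alice", "action": "logout"},
]
KEY = b"constructed-demo-key"  # assumed to live with the log collector, not on the host
GENESIS = "0" * 64             # stands in for the "previous tag" of the first entry


def entry_tag(prev_tag, event, key):
    # HMAC-SHA-256 over (previous tag || canonical event). Chaining commits to
    # position as well as content; the key stops an editor from recomputing tags.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def build_chain(events, key=KEY):
    """Return [(event, tag), ...] where each tag chains to the one before it."""
    chain, prev = [], GENESIS
    for ev in events:
        prev = entry_tag(prev, ev, key)
        chain.append((ev, prev))
    return chain


def verify_chain(chain, key=KEY):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, (ev, tag) in enumerate(chain):
        if not hmac.compare_digest(entry_tag(prev, ev, key), tag):
            return i
        prev = tag
    return None


def demonstrate():
    chain = build_chain(SAMPLE_EVENTS)
    edited = [(dict(ev), tag) for ev, tag in chain]
    edited[1][0]["amount"] = 100000    # "editing the amount on an invoice"
    deleted = chain[:1] + chain[2:]    # "deleting ... logs to hide activity"
    return {
        "intact": verify_chain(chain),            # None: everything checks out
        "edited": verify_chain(edited),           # 1: the altered entry
        "deleted": verify_chain(deleted),         # 1: entry 2 no longer links to entry 0
        "wrong_key": verify_chain(chain, b"x"),   # 0: unverifiable without the key
    }
```

One caveat the chain alone does not cover: cutting entries off the end leaves a chain that still verifies, so in practice the latest tag is also recorded somewhere the host cannot rewrite (for example, with the log collector).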
Availability
Goal: Ensuring systems and data are accessible when they’re needed.
This one surprised me a bit when I first learned it. I used to think of security as “keeping people out” — but availability is about making sure the right people can actually get in when needed.
A system can be super secure, but if no one can access it, it’s not very useful. This principle is especially critical for services like online banking, healthcare systems, or any time-sensitive application.
Examples of implementation:
- Backups (regular and offsite)
- DDoS protection services
- Load balancing
- UPS (uninterruptible power supply) and disaster recovery planning
Examples of availability issues:
- A website taken down by a DDoS attack
- No backup available after a server failure
- An unprepared data center that shuts down during a disaster
Availability is often tied to business continuity. It’s not just about uptime — it’s about resilience.
Why the CIA Triad Matters
What really clicked for me while learning this was how almost every security measure ties back to one or more of these three pillars.
If something goes wrong in a system, chances are it’s one of these:
- A confidentiality failure (data leaked)
- An integrity failure (data altered)
- An availability failure (system down)
When we apply a security solution or control, we’re usually protecting one of these — even if we don’t consciously think about it that way.
Writing this helped me get my thoughts together and reflect on what I’ve learned so far.
There’s still a lot I don’t know, but understanding these three core principles — confidentiality, integrity, and availability — gave me a framework to make sense of a lot of other things.
If you’re also just starting out in security, I honestly think learning the CIA Triad is one of the best ways to get oriented.