CIPP/US Study Guide
Chapter 4: Information Management and Privacy Risk Management

Information Security - CIA Triad and Control Types

Information security protects information according to three attributes - confidentiality, integrity, and availability (the CIA triad) - using physical, administrative, and technical controls. Security differs from privacy: security protects information, while privacy decides what use or disclosure is authorized and includes the individual's right to control their data.

Information security preserves three key attributes - the CIA triad: confidentiality (authorized access only), integrity (authentic and complete data), and availability (accessible to the authorized as needed).

Three types of security controls

Control type    | Examples
Physical        | Locks, security cameras, fences
Administrative  | Incident response procedures, training
Technical       | Firewalls, antivirus software, access logs

Security differs from privacy: security protects information (personal or not) from unauthorized access; privacy decides what use or disclosure should be authorized and includes the individual's right to control their data (notice and choice). Security is necessary for privacy - if security is breached, privacy controls fail. The NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) is a voluntary strategic-planning tool.

Key terms - quick answers

What is “Confidentiality”?
Access to data is limited to authorized parties.
What is “Integrity”?
Assurance that data is authentic and complete.
What is “Availability”?
Knowledge that data is accessible, as needed, by those authorized to use it.
What is “NIST Cybersecurity Framework”?
A voluntary tool to manage and reduce cybersecurity risk with core elements Identify, Protect, Detect, Respond, and Recover.