Date: October 2025
From my first bug bounty submission to my CNS class, the CIA Triad has been at the core of everything I’ve learned about cybersecurity.
This semester, I have a new subject called CNS (Cryptography and Computer Networks) and the first thing my teacher taught was the goals of security, and the answer was CIA. Interestingly, I had already come across this concept while submitting my first bug report, when it asked about the CIA impact, which helped determine the severity of the bug and also showed how essential this concept is for understanding the threat model of a particular website.
You can think of the CIA Triad as a simple yet high-level checklist for evaluating security procedures and tools. It consists of three key principles — C (Confidentiality), I (Integrity), and A (Availability). Let’s understand what each of these means.
Confidentiality means keeping data private and accessible only to those who are authorized to see it. In other words, information should remain within the boundaries of who it’s meant for.
Humans, driven by curiosity, often try to access things that are intentionally hidden but in cybersecurity, this is not about curiosity, it’s about privacy and protection. Therefore, we must ensure that data remains confidential to maintain security.
In simple terms, confidentiality means only those with proper permission or authorization can access the information.
Some common ways to maintain confidentiality include authentication, authorization, encryption, passwords, and digital signatures. However, as defenders strengthen security, attackers continually develop new methods to exploit weaknesses. So, defenders must always stay one step ahead.
In simple terms, I am writing this blog, and I am the author. You are reading it as my blog, so you should not be allowed to make changes to it. It sounds pretty obvious but is actually quite profound if you think about it — because without integrity, the entire foundation of data and the trust that the internet is built upon would collapse. Integrity ensures that data is trustworthy, accurate, and free from tampering. The integrity of data is maintained only if it remains authentic, reliable, and unaltered.
If a company provides certain information, users must be confident that it’s correct; otherwise, their trust can be severely damaged. To preserve integrity, we must ensure that data cannot be modified by unauthorized or untrustworthy individuals.
Techniques such as hashing, encryption, digital certificates, and digital signatures help maintain data integrity. For websites, using trusted Certificate Authorities (CAs) ensures that users are visiting genuine and verified websites, preventing impersonation or tampering.
Even if data is confidential and its integrity is maintained, it becomes useless if it isn’t available to those who need it. Whatever I am saying or writing in this blog would be of no use if you weren’t able to read it. So, just as it’s important for data to be correct, it must also be available at the same time. Availability ensures that systems, networks, and applications function properly and remain accessible whenever required.
Individuals with authorized access should be able to retrieve information quickly and efficiently without unnecessary delay. In today’s digital world, downtime can cause massive losses — both financially and operationally.
One major threat to availability is a Denial-of-Service (DoS) attack, where attackers flood a server with excessive traffic, causing legitimate requests to fail.
To ensure high availability, organizations often implement redundant servers, backup networks, and failover systems — these automatically take over when the primary system is disrupted or fails.
The CIA Triad forms the foundation of all cybersecurity principles. Whether it’s protecting user data, securing websites, or assessing bug impacts, understanding Confidentiality, Integrity, and Availability helps us evaluate how secure a system truly is.
Together, they form the core of information security.
THANKYOU FOR READING!!! THIS WAS MY FIRST BLOG!