The C.I.A – no not the Central Intelligence Agency, but CONFIDENTIALITY, INTEGRITY AND AVAILABILITY perhaps the three most important tenants of Information Security.

Confidentiality – Is the information meant for your eyes?

Confidentiality looks to the issue of authorization, ensuring information confidentiality means ensuring that the person or system accessing information is the authorized to do so; thus, without authorization, there should be no access.

Integrity – Is the information really what it purports to be?

Integrity speaks to the issue of trust:  that what is being represented is what was intended. Information that has been modified intentionally or unintentionally without authorization loses its integrity.  There should be controls in place to prevent this or at the very least detect such unauthorized modifications.

Availability – Is the information accessible to those who are entitled to it?

Availability looks at access to information, it is a waste of time, money and other resources to prevent access to information by legitimate users, in contemporary information systems it is common to make provisions for redundancy and information recovery in the event of incidents or disasters which threaten the availability of information.

In today’s age of information, when info-sec practitioners develop policies, standards, procedures and implement controls, it is always with the intent of preserving the confidentiality, integrity and or availability of information.