CIA – Quick Guide

September 9, 2016 | Views: 6112


A colleague, who is quite “techie”, had no idea what CIA meant. People may laugh at this, but to be honest, until a few years ago I was the same. It is easy, as, say, a desktop support guy, to concentrate on your job and not look at data risk; techies like techie stuff, and information security and data retention policies bore them to death.

The principles of CIA are logical and common sense, but put someone on the spot with “What is CIA?” and they have not got a clue.

So many people will say “I know what CIA is”, and may feel this post is pointless, but just because you know it doesn’t mean everyone does. My colleague is a pretty smart guy, but reading up on perhaps the more “boring” side of data security, for a techie, wasn’t high on his list.

Here’s the kicker: if you go for a security job and are asked about CIA in an interview and have no idea what they are talking about, you are not going to get the job. You can’t work in IT Security and not know what CIA means. Not knowing CIA in an interview is a BIG schoolboy error.

Below is what I sent him as an email. Relating it to yourself helps you understand it, so hopefully people who have heard of CIA but not paid too much attention to it can read this and “get it”.


CIA (Confidentiality, Integrity, Availability) is a big thing in Information Security. Whenever you are assessing an incident, you’ll need to think about which of these elements has been compromised.

A lot of the “human error” I encounter is preventable; it is about people being lazy and taking shortcuts, or simply not relating the work they do (and the care they need to show) to how it could affect a real person.

If you apply things to your viewpoint or your children, then suddenly, surprise surprise, the penny drops and people get it.

In assessing if there has been a data breach, you can apply CIA to it, e.g.

Relating CIA to real life, against yourself as an individual:

Medical records are confidential – should only be accessed by the people that need access, e.g. medical staff, doctors; records accessed by unauthorised people can cause distress

Medical records should have integrity – should be accurate, your health/life could depend on it

Medical records should be available – if not available, the ability to provide the right care could put your health/life at risk

Bottom line – your health and well-being are at risk. If your health and well-being or that of your child is important, so are the health and well-being of other people. Relate a situation to yourself, then flip and translate it to another person.

The key thing that needs getting across to end users, especially about risk, is relating it to themselves. Once they understand that side, they can relate it better to other people and situations.

Thanks for reading. If you like it and would like more posts like this, let me know in the comments!

  1. I WANT MORE!!!!!!

  2. Good explanation
