In cybersecurity, Confidentiality, Integrity and Availability for the "CIA Triad" that served to define the purpose of cybersecurity. The CIA Triad concept is meant to balance these principles as a “three-legged stool” where all three legs are needed, or the stool topples over.
In 2017, ComplianceForge published the Confidentiality, Integrity, Availability & Safety (CIAS) replacement for the traditional CIA Triad. With embedded technologies (e.g., Internet of Things (IoT) and Operational Technology (OT)) and the rise of Artificial Intelligence (AI) and autonomous technologies (AAT), the lack of a safety component makes the CIA Triad insufficient to define the concept of what cybersecurity is meant to perform.
Protecting an organization's data and the systems that collect, process and maintain this data is of critical importance. Commensurate with risk, cybersecurity and privacy measures must be implemented to guard against unauthorized access to, alteration, disclosure or destruction of data and systems, applications and services. This also includes protection against accidental loss or destruction.
The security of systems, applications and services must include controls and safeguards to offset possible threats, as well as controls to ensure confidentiality, integrity, availability and safety:
When you overlay real-world examples onto the CIAS model, it becomes clear how the CIAS model can help communicate cybersecurity and data protection requirements.
Secure Controls Framework (SCF)
Secure Controls Framework (SCF) "Premium Content" - Editable Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video When you click the image or the link below, it will direct you to a different page on...
ComplianceForge - NIST 800-171 & CMMC
NIST 800-171 Rev 2 & Rev 3 / CMMC 2.0 Compliance Made Easier! The NCP is editable & affordable cybersecurity documentation to address your NIST 800-171 R2 / R3 and CMMC 2.0 Levels 1-2 compliance needs. When you click the image or the link...
