Understanding the Basics: Confidentiality, Integrity and Availability

Confidentiality, integrity, and availability, often known as CIA, are the building blocks of information security .

Any attack on an information system will compromise one, two, or all three of these components. Based on which of these components is being compromised the most, efficient security controls can be designed accordingly.


In layman’s terms, something that is confidential is secret and is not supposed to be disclosed to unintended people or entities. What’s the first thing that comes to your mind that needs to be kept confidential? Probably
your passwords and ATM PINs . There may be many parameters and information items that need to be kept confidential during a particular communication. If confidentiality is compromised, it might result in
unauthorized access to your systems or severe loss to your privacy!


In context of the information security (InfoSec) world, integrity means that when a sender sends data, the receiver must receive exactly the same data as sent by the sender. For example, if someone sends a message “Hello!”, then the receiver must receive “Hello!” . Any addition or subtraction of data during transit would mean the integrity has been compromised.


Availability implies that information is available to the authorized parties whenever required. For example, consider a server that stores the payroll data of company employees. The finance team wants to access it at of fiscal year-end for some reporting purpose. If the server is able to provide all the requested information to the requestors, then its availability is considered good and healthy. But if the server goes down at all (for any intentional or unintentional reason), and the finance team is not able to retrieve required data in time, then we say that the information availability has been affected or compromised.

During an attack on a computer system, at least one of the three, confidentiality, integrity or availability, is affected or compromised.

Various attacks on Confidentiality, Integrity and Availability

Attacks that affect Confidentiality are:
Packet sniffing, password cracking, dumpster diving, wiretapping, keylogging, phishing

Attacks that affect Integrity are:
Salami attacks, data diddling attacks, session hijacking, man-inthe- middle attack

Attacks that affect Availability are :
DoS and DDoS attacks, SYN flood attacks, physical attacks on

Write a comment