> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/wgu-network-engineering-and-security/ethics-in-technology/ethics-in-information-technology-textbook/chapter-3.-cyberattacks-and-cybersecurity/the-cia-security-triad.md).

# The CIA Security Triad

Let me summarize and teach the lesson using the **Pareto Principle** with a **fun and ADHD-friendly approach**. I'll focus on the **20% of key concepts** that provide **80% of the understanding** you need.

***

#### **CIA Triad in Cybersecurity: Focused and Fun Breakdown**

**Overview: The CIA Triad**

In cybersecurity, the **CIA Triad** stands for:

1. **Confidentiality**: Only authorized individuals can access sensitive information.
2. **Integrity**: Data should be accurate and trustworthy, only changeable by authorized parties.
3. **Availability**: Systems and data should be accessible when needed—think **99.999% uptime** as an ultimate goal.

The **CIA Triad** is the **20% that covers 80% of cybersecurity**. It forms the backbone of how organizations secure their data, ensuring it's kept secret, accurate, and accessible.

***

#### **Layered Security: Making Life Hard for Hackers**

No system is completely immune to attacks, so the key is **layered security**—multiple levels that make break-ins so difficult that attackers give up or get caught. Think of it as an onion: **if a hacker peels one layer, there’s still more to go**.

Here are the **layers** from **organization** to **end-user**, and how they contribute to the CIA triad:

**1. Organization Level: Big Picture Controls**

* **Key Measures**: Risk assessments, disaster recovery plans, security policies.
* **Core Focus**: Setting a strategy to guide **all other security efforts**.

> **Cybersecurity Application**: At this level, you're putting rules in place that everyone has to follow—like deciding what to do if there's a major data breach.

**2. Network Level: The Protective Gatekeeper**

* **Key Measures**: Firewalls, routers, VPNs, encryption, intrusion detection systems.
* **Core Focus**: Ensuring the **network is a fortress**—guarding access points to keep unauthorized users out.

> **Cybersecurity Application**: Imagine firewalls are your guards at the gate, and encryption is your secret message inside the castle—it's all about **keeping bad actors out**.

**3. Application Level: Access and Control**

* **Key Measures**: Authentication methods, roles & permissions, data encryption.
* **Core Focus**: **Who gets access to which tools and data** within your organization's software.

> **Cybersecurity Application**: Only certain employees can access sensitive applications. For instance, a finance employee should not see HR payroll details.

**4. End-User Level: The Human Factor**

* **Key Measures**: Security education, antivirus software, end-user authentication.
* **Core Focus**: Educating users—**often the weakest link** in security.

> **Cybersecurity Application**: Users are taught how to create strong passwords and recognize phishing emails—**basic but essential skills** that cover 80% of the human vulnerabilities.

***

#### **Main Concepts to Remember:**

* **CIA Triad** is the ultimate goal of any cybersecurity strategy.
* **Layered Security** acts as multiple barriers for attackers.
* **Network-level controls** (like firewalls and VPNs) are the first line of defense.
* **End-users** need awareness training—people can either be a strong defense or a weak point.

***

#### **Why All This Matters in Cybersecurity**

* **Layered security** means attackers face **multiple hurdles** to breach a system.
* Ensuring **confidentiality, integrity, and availability** at every level—from organization to end-user—is the best way to minimize risks.

By focusing on these **20% of concepts**—**CIA Triad, layered security, and roles at each level**—you'll understand the **most impactful areas** in securing data and systems.

***

#### **References**

* Reynolds, G. W. (2023). *Ethics in Information Technology*. Cengage Learning
