Leave it to my son Kody, who is starting his Cyber Security career, to come up with this novel way to explain the CIA triad for Cyber Security.
In InfoSec terms, CIA refers to Confidentiality, Integrity, and Availability. To illustrate how these principles work, let’s look at Calvin and Hobbes.
Calvin and Hobbes create a club called the “Super-Secret-No-Icky-Girls-Allowed” club. During their very first treehouse meeting, they draft a document entitled “member list” and write the names “Calvin” and “Hobbes” on the list. This list is the club’s most valuable asset, so Calvin and Hobbes need to maintain the CIA of the asset. The confidentiality of the list is critical, as the exposure of the secret member list would cause the entire super-secret club to lose its purpose. The integrity of the list is also important to ensure that unauthorized modifications of the list can’t be made. It would be terrible if Susie’s name were to make it onto the list or if Calvin’s name were to be removed. Lastly, the availability of the list is important. When the club meets to have their secret meetings, they need the list to do roll call and to ensure that those in attendance are listed.
So now that we’ve got the idea, we can explain how CIA works for business assets. The confidentiality of the asset is necessary to ensure that only those with appropriate privileges and appropriate need can see the asset. The integrity of the asset is necessary to ensure that the data has not been changed and, if it has, a log of changes is kept. The availability of the asset is necessary because it is not of any value if no one can interact with it for its intended purpose.