What does the CIA triad stand for, and how do its goals relate to security design?


Multiple Choice

What does the CIA triad stand for, and how do its goals relate to security design?

Explanation:
The CIA triad defines three security goals: confidentiality, integrity, and availability. These goals shape security design because every control you add is aiming to protect one or more of these properties, and you often have to balance them. For example, encryption strengthens confidentiality by preventing unauthorized reading of data, but it can introduce processing overhead, latency, and key-management risks that affect availability if performance suffers or access is hampered. In design, you weigh how to keep data private, ensure it isn’t tampered with, and still keep systems usable and accessible to authorized users. The triad isn’t about privacy alone or incident response, and terms like non-repudiation or accessibility aren’t the standard trio. So the idea that these goals guide controls and require trade-offs in design decisions—illustrated by encryption potentially impacting availability—is the best fit.

