CIA: Not the Central Intelligence Agency

Historically, risk managers divide information asset protection measures into three broad categories: confidentiality, integrity, and availability. The categories are relatively simple to remember as CIA; not to be confused with the well-known intelligence agency. Think of CIA applying to the three critical asset pillars of human resources, data, and physical facilities. Confidentiality considers sensitive assets that must be secure and protected from unauthorized eyes. Integrity references the whole quality of the asset, meaning it is free from degradation and preserved in the form intended by its owners. Availability is the quality all assets need. They should be accessible by authorized persons when they are required.