Devin Prasad ← Tools

Security · Fundamentals

The CIA Triad

The three properties every security control ultimately serves — Confidentiality, Integrity, and Availability. Click a pillar to see what threatens it and what defends it, then check the matrix below to see which pillars a given attack actually breaks.

→ OSI Model Reference → Security Headers Analyzer → Certificate Decoder

Threat → pillar matrix

Most real attacks hit more than one pillar. Click any row for how it works and how it's countered.

Attack / incident CIA
Confidentiality Integrity Availability

Beyond the triad: the CIA model is the foundation, not the whole picture. Its mirror image is the DAD triad — Disclosure, Alteration, Destruction — the three things attackers are trying to do. The Parkerian hexad extends CIA with Authenticity, Possession/Control, and Utility to cover cases the three classic pillars handle awkwardly. Use CIA to reason about why a control exists; reach for the extensions when it doesn't fit cleanly.