CIA Triad
The foundational information security model defining three properties every system must protect: Confidentiality (data accessible only to authorised parties), Integrity (data accurate and unaltered) and Availability (systems accessible when needed).
Why it matters
The CIA Triad underpins ISO 27001, SOC 2 and most enterprise security frameworks used across UK regulated sectors. Auditors, regulators and procurement teams assume CIA properties as the baseline against which controls are designed and tested.
For AI systems the triad still applies, but classic controls miss new failure modes. Confidentiality is challenged by data exfiltration through model outputs. Integrity is challenged by training-data poisoning and adversarial inputs. Availability is challenged by model degradation and upstream dependency failures. Organisations citing ‘CIA compliance’ for AI deployments often have not assessed these AI-specific extensions.
How it works in practice
A traditional CIA assessment checks encryption, access controls, change management and uptime monitoring. An AI-aware assessment additionally examines training-data provenance, prompt-injection resistance, output filtering and model-serving redundancy. Where these gaps appear, the CIA+EFT Framework extends the triad with Explainability, Fairness and Traceability.
Related terms: CIA+EFT Framework, AI Security Gap Analysis.