Confidentiality would be prioritized above integrity and availability in any system that relates to a nation’s military operations. For example, if the USA has a system or application that holds top secret data, it would be vital that only the personnel with top secret clearance have the ability to access that data. It could be argued that integrity is also a vital part of military operations, and it absolutely is necessary. In an article written to elaborate on the CIA triad the author writes, “many of the methods for protecting confidentiality also enforce data integrity: you can’t maliciously alter data that you can’t access” (Frulinger, 2020). When debating between most important, It seems keeping the top secret information encrypted and only visible to persons allowed access is most important. But does also protect the systems integrity at the same time.
While integrity and confidentiality tend to compete for primary importance as it relates to top secret data, I feel integrity would take priority over confidentiality when it comes to educational institutions. The system would have to combate data being altered, such as grades, classes taken, personal information on students and even the links posted for students to use as additional educational information. The last example could lead to students’ personal information being at risk, or their PC or laptops being hacked.
An example of where availability in the CIA triad would be prioritized over confidentiality and integrity would be related to healthcare organizations. For example, an application that hospitals use to take physical patient data and save it to the patient’s electronic medical record. Doctors, who are not able to be physically present with the patient, rely on the system to record the data so they can review it on the application in real time. This physical data could be a most recent “vital sign” that can indicate if a patient is in the process of deteriorating. If there were to be a security breach in the data’s availability it has the potential to have a severe impact on the healthcare organization. Meaning it can directly impact an individual’s well-being and therefore the organization’s reputation.
Overall, all three dimensions are important to a system’s security. It would be important for a security expert to really look at all three angles or more and decide how an individual organization can be best protected from threats.
Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. CSO Online. Retrieved February 25, 2022, from
Confidentiality is essential for any well secured system where the data that is contained in the systems contains information that must not be made available to the unauthorized. A good example of a modern system with confidentiality would be a VPN service. Such services advertise their ability to help anonymize a user’s online profile by masking their true IP with a separate network. Several companies also advertise a ‘no-log’ policy in which records about the user are not only encrypted to prevent anybody that is not the user from obtaining user information but also feature deletion of user information or lack of storing user details as the service is used. Confidentiality of the system is paramount here as it must ensure that it appropriately masks the user’s details at all times. Furthermore, a lack of confidentiality could have disastrous consequences for the users. Many VPN users are in totalitarian states or countries where freedom of speech or information is heavily regulated or outright forbidden. Thus, ensuring that data is safeguarded and appropriately confidential is essential for maintaining user’s safety.
Where the integrity of a system is more important than availability or confidentiality is in an essential service, often of a near universal or critical nature, such as is found in the municipal providers. Such integrity means the system must resist failure at critical intervals, be robust and furthermore, restrict its modification and control is only performed by those with the correct authority. A system with good integrity will be able to track all changes, verify authenticities of users, and correctly record actions or changes made. An example of an information system with integrity as greater than confidentiality or availability would be access control to a datacenter, typically through users’ tokens to verify their identity, and the time that they logged in or used their access tokens along with their location data. Additional measures beyond a user token may be restricting physical areas of the data storage; i.e., a classified and non-classified side for a base, with access restrictions for both to only authorized users. In this instance, the integrity of the system may be more important than the confidentiality of the system, or the availability as it allows the information system to be aware of where data and users along with whom is modifying or accessing files at all times, if confidentiality measures have failed.
Lastly availability requires that data be always ready for the correctly authorized users. An example of a system where availability might be more important than security would be availability for an educational system with an online classroom. With an online classroom, it must be available at all times, to ensure that students can adequately research data or perform assigned tasks. If the system is not always available to students, the online nature of such a system means all HW or teaching will be postponed.
The CIA triad is quite essential for an information systems’ security. There may be instances in which one element can be more important than another, but they are not exclusive of each other. Instead a careful balance must be maintained for the given requirements.
Artur Sosin. (2018). How to Increase the Information Assurance in the Information Age. Journal of Defense Resources Management, 9(1), 45–57.
Lasky, J. (2021). Confidentiality, integrity, and availability (CIA triad). Salem Press Encyclopedia.
Chapter 11 – Computer Network Defense. (2014). Cyber Warfare, 193–205. https://doi-org.ezproxy.umgc.edu/10.1016/B978-0-12-416672-1.00011-8
de Oliveira Albuquerque, R., García Villalba, L. J., Sandoval Orozco, A. L., Buiati, F., & Tai-Hoon Kim. (2014). A Layered Trust Information Security Architecture. Sensors (14248220), 14(12), 22754–22772. https://doi-org.ezproxy.umgc.edu/10.3390/s141222754