Information security is fundamentally built on the CIA triad: Confidentiality, Integrity, and Availability. These three principles form the cornerstone of nearly all cybersecurity frameworks, including NIST, ISO/IEC 27001, and CIS controls.
Confidentiality ensures that information is accessible only to authorized individuals and systems.
Integrity ensures that data remains accurate, complete, and unaltered except by authorized actions.
Availability ensures that systems and data are accessible to authorized users when needed.
Accessibility, while related to usability and system design, is not a core pillar of information security. In fact, security controls often intentionally limit accessibility to protect systems and data. Accessibility focuses on ensuring ease of access (often in the context of user experience or disability access), whereas security focuses on controlled access.
Confusing accessibility with availability is common, but they are not the same. Availability is about reliable access for authorized users, while accessibility is about ease of access in general. Therefore, accessibility is not one of the foundational elements upon which information security is built.
This distinction is critical for understanding security architecture and governance.