What are the core goals (Kernziele) of information security?
Confidentiality, Integrity, and Availability — the classic CIA triad (Vertraulichkeit, Integrität, Verfügbarkeit).
* The CIA triad: Vertraulichkeit, Integrität, Verfügbarkeit — the three core goals every control maps to. *
| Goal | Means | Broken when… |
|---|---|---|
| Vertraulichkeit (Confidentiality) | Only authorised parties can read information | Data leak, eavesdropping, stolen laptop |
| Integrität (Integrity) | Data cannot be altered undetected | Tampered file, malware-modified config |
| Verfügbarkeit (Availability) | Authorised parties can access information when needed | DDoS, ransomware, hardware failure |
These three are explicitly listed in ISO/IEC 27000:2018, clause 3.28, the formal definition of "information security."
Why these three and not others? Every other security property eventually decomposes into one of them. A signed PDF needs integrity; a session cookie needs confidentiality; an emergency hotline needs availability.
Tip: When designing a control, ask "which letter of CIA am I protecting?" If you can't answer, you're probably building something cosmetic. A backup protects A; encryption protects C; a hash protects I.
Go deeper:
Information security — the CIA triad — canonical treatment of confidentiality, integrity and availability as the core security goals.