The Attacker Mindset: The DAD Triad

We typically define security as the total of confidentiality, integrity, and availability. These three components (which are known as the CIA triad) are the foundations of any well-designed information security practice. We adopt security policies in enterprises or individually model the CIA triad from a protection perspective. However, attackers have their own model too. This model consists of three pillars: disclosure, alteration, and denial (which is also abbreviated as the “DAD” triad). In this blog post, we are going to examine each of the DAD triad components and how they connect to their CIA triad equivalents.

Disclosure, Alteration, and Denial (DAD)

The DAD triad defines the three key strategies used to defeat an organization’s security aims.


Disclosure is an unauthorized party gaining access to sensitive information. As an individual or a security practitioner, you may fail to meet the confidentiality in some way. There are many possible ways for an attacker to access sensitive information in your business. Here are some examples of the disclosure:

  • An unauthorized person or attacker finds a way to access your personal computer or company-issued device and reads sensitive material.

  • A company insider sells sensitive business materials to a competitor or illegitimate third parties.

  • A simple bug or design flaw which allows your users to view sensitive information like user names, and account details of other customers.


When security instruments fail to protect data integrity, data transforms. This unauthorized modification may be unintentional or malevolent.

Here are some examples of the data alteration:

  • An administrative employee untrained in the use of a database may accidentally delete records while trying to retrieve a report.

  • An administrator destroys records while attempting to retrieve an annual report.

  • A malicious person gains access to a company’s personal health records. He or she changes some employees’ social security numbers (SSN).

Denial and Destruction

Preventing legitimate users from accessing a system, resource is denial of service. Denial of services includes activities such as preventing users from accessing it until IT personnel restore it to normal working order or activate a backup system.


The procedure of preventing illegitimate access, modification, disclosure, interruption, or denial of information is what we aim to achieve as security practitioners. In this blog, we have examined components of the DAD triad, and how they relate to confidentiality, integrity, and availability of information.

As an expert, while designing an organizational security posture, you must keep all of these perspectives in mind. It is your obligation to ensure that people understand the importance of information security to their business and the potential consequences of their actions.

Do you want to get practical skills to work in cybersecurity or advance your career? Enrol in MCSI Bootcamps!