13

The Information Security goals - Confidentiality, Integrity and Availability (CIA) - are often referred to as the CIA triad.

As I am writing my master's thesis, I am wondering to which resource I should put my reference on the CIA triad?! I've done some research on this, but it's still unclear where it originated.

schroeder
Anna Völkl

1 Answer

26

It depends on whether you are talking about the concepts, the terminology, or the acronym.

Concepts of confidentiality, integrity and availability of information have been used by war generals for quite some time; for instance, one can see Julius Caesar operating along these lines during the Gallic Wars and he was certainly not the first to grasp the importance of intelligence gathering, deception, and secure communications. In fact, the very fact that Caesar was using his own primitive encryption algorithm shows that he was envisioning some interception of his messages, which implies that his enemies, although described as somewhat rustic barbarians, also mastered the said concepts.

For each actual term, see for instance this blog post from someone who apparently tried to trace their origin in an InfoSec setup, with mixed success. We may infer that finding the first use of "confidentiality", "integrity" and "availability" for information security is not an easy task, and may, at best, be ill-defined (the words existed way before "information security" became a thing, and that event is not clear-cut either, since, as said above, InfoSec was yet unnamed but already put to practice more than 2000 years ago).

The acronym (CIA) and the expression "CIA triad" seem lost in the mists of time. I see many references from the 1990s, during which some people were proposing extensions (e.g. the Parkerian Hexad) and invariably talked of "the classic CIA triad" without any reference. One can thus surmise that 20 years ago, the expression was already old and hard to pinpoint. This usually means that the acronym was not coined in a groundbreaking, seminal and well-known paper, but more probably by an inebriated researcher in the nightly aftermath of some obscure academic meeting; presumably, the coincidence with the acronym for the well-known intelligence agency met some appreciative resonance in the assembled party, and beery guffawing was likely involved.

It must be noted that cryptographic academic circles use a cousin triad: "confidentiality, integrity, authenticity", whose origin is equally untraceable.


For a thesis, there is a wonderful typographic gimmick called a footnote, which is the right place to include wisecracks, pedantic notes and other attempts at literary flourishes. I suggest something along the lines of: "The exact origins of the 'CIA Triad' expression appear to be unknown, but the underlying concepts were already operative in military contexts millennia ago, as can be seen in the works of the consulus, pontifex maximus Gaius Julius Caesar." (with a reference to the De Bello Gallico, preferably the 1519 illuminated manuscript currently kept by the British Library).

Thomas Pornin
  • 3
    Thanks a lot, a really good answer and explanation. Thanks for pointing out the concept and terminology. I also came across the CIA triad with the goal of authenticity instead of availability. It depends on which kind of literature you refer to. Your suggestion for a footnote is nice! – Anna Völkl Dec 27 '13 at 14:22