Q: Describe the CIA Triad and the differences between Authentication & Authorization, including an example.
The CIA triad is a guiding model used by organizations, companies and businesses to help ensure that their cybersecurity policies abide by the three main concepts it stands for: confidentiality, integrity and availability. These three concepts are fundamental in the information security world.
Individually, they can be broken down and explained as follows:

Confidentiality is essentially a set of rules that limits access to information (Chai, 2022). It is an ideal meant to protect important data or information from being accessed by unwanted or unauthorized parties. Different levels of security can be applied to information based on how sensitive it is. One way this can be implemented is by enforcing two-factor authentication for users who wish to have access.

Integrity can be described as the assurance that protected information is trustworthy and accurate (Chai, 2022). At no point would a legitimate user of a network want data to be changed or altered by an unauthorized user or during transfers. Because of this, data may be protected with checksums that reveal unauthorized changes. When such changes are detected, it is necessary to have backups of the data to revert to.

Availability means the guarantee of reliable access to the information by authorized people (Chai, 2022). Important information should be accessible at most, if not all, times for the users who need it. Keeping up with system updates and upgrades, whether hardware or software, is paramount in keeping devices from crashing and keeping information accessible.
There is a key difference between authentication and authorization, even though both processes are cybersecurity practices that ensure specific data is accessed only by people who should have access to it. Authentication is the process of verifying who someone is, while authorization is the process of verifying what specific applications, files, and data someone has access to (SailPoint, 2023). For example, when working at a hospital or office building, everyone has their own set of credentials to log into the network with; this is authentication. Then, once a user signs in, they usually have access to different data based on their position in the organization or what their job is; this is authorization.

In conclusion, both the CIA triad and the processes of authentication and authorization are essential to the protection of sensitive data that people need every single day. Each concept and process has its own important role in achieving that goal, so organizations should strive to uphold the ideals of the triad and implement both authentication and authorization to the best of their ability.
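The hospital example above, worked through in code as an added illustration that is not part of the original answer: authentication checks the presented credentials against stored salted hashes, and only then does authorization consult a role policy. The users (dr_lee, r_patel), their passwords, and the role policy are all constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is not the plaintext password (confidentiality)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # a fresh salt per user
    return {"hash": _hash_password(password, salt), "salt": salt, "role": role}

# Constructed sample user store for a hospital network (example data only)
USERS = {
    "dr_lee": _make_user("correct horse", "physician"),
    "r_patel": _make_user("front desk 42", "receptionist"),
}

# Constructed authorization policy: role -> resource -> permitted actions
POLICY = {
    "physician": {"patient_record": {"read", "write"}, "schedule": {"read"}},
    "receptionist": {"schedule": {"read", "write"}},
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify WHO the caller is. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison so the check does not leak through timing
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(username: str, action: str, resource: str) -> bool:
    """Authorization: decide WHAT an already-authenticated user may do."""
    role = USERS[username]["role"]
    return action in POLICY.get(role, {}).get(resource, set())

def access(username: str, password: str, action: str, resource: str) -> str:
    """Full flow: authenticate first, then authorize; deny on either failure."""
    who = authenticate(username, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(who, action, resource):
        return f"denied: {who} is not authorized to {action} {resource}"
    return f"granted: {who} may {action} {resource}"

if __name__ == "__main__":
    print(access("dr_lee", "correct horse", "read", "patient_record"))
    print(access("r_patel", "front desk 42", "read", "patient_record"))
```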