Authentication and Authorization in the CIA Triad

[Image: the CIA Triad (source: https://www.nist.gov/image/cia-triad)]
BLUF
The CIA Triad is a cybersecurity model whose initialism stands for Confidentiality, Integrity, and Availability. Authentication verifies who a user is, and authorization determines what an authenticated user is allowed to do.
The CIA Triad
The CIA Triad, developed in the 1970s, identifies confidentiality, integrity, and availability as the three main objectives for cybersecurity. Samonas and Coss (2014) define the CIA Triad tenets as follows:
- Confidentiality is violated by the unauthorized release of information: an unauthorized person can read and exploit the data.
- Integrity is violated by the unauthorized modification of information: an unauthorized person can modify the data.
- Availability is violated by the unauthorized denial of access to data: an unauthorized person can prevent authorized users from accessing or modifying the data.
Authentication and Authorization
Two vital concepts, authentication and authorization, keep cybersecurity systems from failing to uphold the CIA Triad's three tenets. Authentication is the process of verifying that users are who they say they are, based on what they have or what they know (Ruparelia, 2016). Passwords, biometric confirmation, or smart cards can be used to authenticate. Authorization always occurs after authentication and determines what the authenticated user is permitted to do in the system. Users are assigned roles that carry specific permissions, such as the ability to edit data.
Example
An online banking system applies the CIA Triad together with the critical concepts of authentication and authorization.
- Confidentiality
  - Authentication ensures that the account holder is granted access to their banking information only after verifying their identity through two-factor authentication.
  - Authorization limits the account holder to the tasks designated by their role and permissions. They can view their own account information but cannot access other people's accounts.
- Integrity
  - Authentication ensures that only the verified account holder can modify their account information or make transactions.
  - Authorization prevents users from making unauthorized changes to their banking data or account settings.
- Availability
  - Authentication gives users access to their accounts anywhere they have internet access and protects them from being locked out of their accounts by unauthenticated users.
  - Authorization allows verified users to conduct banking transactions quickly and reliably.
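The following is an added example written for this article, not code from any real banking system or from the cited authors. It models the sequence described above and in the Authentication and Authorization section: a user proves identity with something they know (a salted PBKDF2 password hash) and something they have (an HOTP one-time code per RFC 4226), receives a session only after both checks pass, and is then authorized per role. The bank, user names, roles, permission names, balances and the 100,000 iteration count are all constructed for the example.

```python
# Constructed example for this article (not from any named product or library):
# two-factor authentication followed by role-based authorization in a toy bank.
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000  # password-hash cost factor; assumed value

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt if none is given."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def verify_password(password, salt, digest):
    """Recompute the hash for the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def hotp(secret, counter, digits=6):
    """HOTP one-time code (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

# Role -> permitted actions.  Roles and permission names are constructed for the example.
PERMISSIONS = {
    "customer": {"view_own_account", "transfer_own_funds"},
    "teller": {"view_own_account", "view_any_account"},
}

class AuthenticationError(Exception):
    """Identity could not be verified (password or one-time code was wrong)."""

class AuthorizationError(Exception):
    """Identity is verified, but the role does not permit the requested action."""

@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    otp_secret: bytes
    otp_counter: int
    role: str

@dataclass(frozen=True)
class Session:
    """Only authenticate() creates these, so holding one proves authentication happened."""
    username: str
    role: str

class Bank:
    def __init__(self):
        self.users = {}
        self.balances = {}

    def register(self, username, password, role, balance=0):
        salt, digest = hash_password(password)
        secret = os.urandom(20)  # would be provisioned to the user's authenticator device
        self.users[username] = User(username, salt, digest, secret, 0, role)
        self.balances[username] = balance
        return secret

    def authenticate(self, username, password, otp_code):
        """Something you know (password), then something you have (HOTP device)."""
        user = self.users.get(username)
        if user is None or not verify_password(password, user.salt, user.pw_hash):
            raise AuthenticationError("invalid credentials")
        if not hmac.compare_digest(hotp(user.otp_secret, user.otp_counter), otp_code):
            raise AuthenticationError("invalid one-time code")
        user.otp_counter += 1  # advance the counter so a captured code cannot be replayed
        return Session(user.username, user.role)

    def view_balance(self, session, account):
        """Authorization: own account needs one permission, anyone else's needs another."""
        needed = "view_own_account" if account == session.username else "view_any_account"
        if needed not in PERMISSIONS.get(session.role, set()):
            raise AuthorizationError(f"role {session.role!r} lacks {needed!r}")
        return self.balances[account]

def run_demo():
    """Walk through the banking scenario above and report each outcome."""
    bank = Bank()
    alice_secret = bank.register("alice", "correct horse battery", "customer", balance=120)
    bank.register("bob", "hunter2", "customer", balance=45)
    code = hotp(alice_secret, 0)
    session = bank.authenticate("alice", "correct horse battery", code)
    results = {"own_balance": bank.view_balance(session, "alice")}
    try:
        bank.view_balance(session, "bob")  # confidentiality: not her account
        results["cross_account"] = "allowed"
    except AuthorizationError:
        results["cross_account"] = "denied"
    try:
        bank.authenticate("alice", "correct horse battery", code)  # replayed one-time code
        results["replayed_code"] = "accepted"
    except AuthenticationError:
        results["replayed_code"] = "rejected"
    return results
```

`run_demo()` returns `{'own_balance': 120, 'cross_account': 'denied', 'replayed_code': 'rejected'}`: Alice can read her own balance, the same session cannot read Bob's, and re-using a one-time code fails because the counter moved on. Note that the authorization check only ever receives a `Session`, which nothing but `authenticate()` can produce, so the ordering the text insists on (authorization after authentication) is enforced by the types rather than by convention.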
Conclusion
The CIA Triad model (Confidentiality, Integrity, and Availability) is a framework that guides cybersecurity policy. Authentication and authorization mechanisms verify users and grant them specific access. Understanding how the CIA Triad, authentication, and authorization work together will help ensure a robust cybersecurity system.
References
Ruparelia, N. B. (2016). Cloud Computing (1st ed.). The MIT Press. https://doi.org/10.7551/mitpress/14821.001.0001
Samonas, S., & Coss, D. (2014). The CIA strikes back: Redefining confidentiality, integrity and availability in security. Journal of Information System Security, 10(3).