{"id":490,"date":"2024-12-02T12:33:31","date_gmt":"2024-12-02T17:33:31","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/aaroncominio\/?p=490"},"modified":"2024-12-02T12:37:43","modified_gmt":"2024-12-02T17:37:43","slug":"authentication-and-authorization-in-the-cia-triad","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/aaroncominio\/2024\/12\/02\/authentication-and-authorization-in-the-cia-triad\/","title":{"rendered":"Write-Up: The CIA Triad"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">Authentication and Authorization in the CIA Triad<\/h1>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"698\" src=\"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-content\/uploads\/sites\/36931\/2024\/12\/image.png\" alt=\"\" class=\"wp-image-491\" srcset=\"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-content\/uploads\/sites\/36931\/2024\/12\/image.png 960w, https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-content\/uploads\/sites\/36931\/2024\/12\/image-300x218.png 300w, https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-content\/uploads\/sites\/36931\/2024\/12\/image-768x558.png 768w, https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-content\/uploads\/sites\/36931\/2024\/12\/image-413x300.png 413w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p class=\"has-text-align-right has-cyan-bluish-gray-color has-text-color has-link-color wp-elements-baf76577ebf854d571cae5038d12e429\"><a href=\"https:\/\/www.nist.gov\/image\/cia-triad\"><sup>https:\/\/www.nist.gov\/image\/cia-triad<\/sup><\/a><\/p>\n\n\n\n<p><strong>BLUF<\/strong><\/p>\n\n\n\n<p>The CIA Triad is a cybersecurity model whose name is an initialism for Confidentiality, Integrity, and Availability. Authentication verifies who a user is, and authorization determines what an authenticated user is allowed to do.<\/p>\n\n\n\n<p><strong>The CIA Triad<\/strong><\/p>\n\n\n\n<p>The CIA Triad, developed in the 1970s, identifies confidentiality, integrity, and availability as the three main objectives of cybersecurity. Samonas and Coss (2014) characterize each CIA Triad tenet by the failure it guards against:<\/p>\n\n\n\n<ul>\n<li><strong>Confidentiality<\/strong> is violated by the unauthorized release of information: an unauthorized person can read and exploit the data.<\/li>\n<li><strong>Integrity<\/strong> is violated by the unauthorized modification of information: an unauthorized person can modify the data.<\/li>\n<li><strong>Availability<\/strong> is violated by the unauthorized denial of data: an unauthorized person can prevent authorized users from accessing or modifying the data.<\/li>\n<\/ul>\n\n\n\n<p><strong>Authentication and Authorization<\/strong><\/p>\n\n\n\n<p>Two vital concepts, authentication and authorization, keep cybersecurity systems from failing to maintain the CIA Triad\u2019s three tenets. Authentication is the process of verifying that users are who they claim to be, based on what they have or what they know (Ruparelia, 2016). Passwords, biometric confirmation, or smart cards can be used to authenticate. Authorization always occurs after authentication and determines what the authenticated user is permitted to do in the system: users are granted roles that carry specific permissions, such as the ability to edit data.<\/p>\n\n\n\n<p><strong>Example<\/strong><\/p>\n\n\n\n<p>An online banking system applies the CIA Triad together with the critical concepts of authentication and authorization.<\/p>\n\n\n\n<ul>\n<li><strong>Confidentiality<\/strong>\n<ul>\n<li>Authentication ensures that the account holder is granted access to their banking information only after their identity has been verified through two-factor authentication.<\/li>\n<li>Authorization limits the account holder to the tasks designated by their role and permissions. They can view their own account information but cannot access other people\u2019s accounts.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Integrity<\/strong>\n<ul>\n<li>Authentication ensures that only the verified account holder can modify their account information or make transactions.<\/li>\n<li>Authorization prevents users from making unauthorized changes to their banking data or account settings.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Availability<\/strong>\n<ul>\n<li>Authentication gives users access to their accounts anywhere they have internet access and protects them from being locked out of their accounts by unauthenticated users.<\/li>\n<li>Authorization allows verified users to conduct banking transactions quickly and reliably.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>The CIA Triad model, Confidentiality, Integrity, and Availability, is a framework that guides cybersecurity policy. Authentication and authorization mechanisms verify users and grant them specific access. Understanding how the CIA Triad, authentication, and authorization work together is the basis of a robust cybersecurity system.<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<p>Ruparelia, N. B. (2016).&nbsp;<em>Cloud Computing<\/em>&nbsp;(1st ed.). The MIT Press. 
https:\/\/doi.org\/10.7551\/mitpress\/14821.001.0001<\/p>\n\n\n\n<p>Samonas, S., &amp; Coss, D. (2014). The CIA strikes back: Redefining confidentiality, integrity and availability in security.&nbsp;<em>Journal of Information System Security<\/em>,&nbsp;<em>10<\/em>(3).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authentication and Authorization in the CIA Triad https:\/\/www.nist.gov\/image\/cia-triad BLUF The CIA Triad is a cybersecurity model with the initialism of Confidentiality, Integrity, and Availability. Authentication verifies a user, and authorization determines what an authenticated user can do. The CIA Triad The CIA Triad, developed in the 1970s, identifies confidentiality, integrity, and availability as the three&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/aaroncominio\/2024\/12\/02\/authentication-and-authorization-in-the-cia-triad\/\">Read More<\/a><\/div>\n","protected":false},"author":29612,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":4},"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/posts\/490"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/users\/29612"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/comments?post=490"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/posts\/490\/revisions"}],"predecessor-version":[{"id":493,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/posts\/490\/revisions\/493"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/media?parent=490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/categories?post=490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/aaroncominio\/wp-json\/wp\/v2\/tags?post=490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}