CIA Triad

The CIA triad is the most common cyber security model for protecting and developing security systems. It is the basis for any company or organization to use, who is looking to keep its information and assets safe.

In December 2014, the Criminal Division created the Cybersecurity Unit within the Computer Crime and Intellectual Property Section to serve as a central hub for expert advice and legal guidance regarding how the criminal electronic surveillance and computer fraud and abuse statutes impact cybersecurity (Justice Department, April 12, 2022)

Even the Justice Department, the entity that governs federal regulations and laws, keeping us safe from foreign and domestic threats, understands the importance of digital and network protection. They also utilize the CIA triad as their basis for cyber protection. In short, the CIA triad is like the Information technology emergency preparedness system utilized in incident management to manage major incidences.

It is a simple acronym with instructions on structuring an information security footprint in the digital networking world. The C in the CIA triad stands for Confidentiality which, put in non-specialists’ terms, protects an organization’s data in a way that the people who need to see and receive it can. Then keep the people away that are not authorized to access it. The I in CIA stands for integrity which translates in the information technology world as ensuring data maintains its accuracy and follows the web trail the way it is supposed to. This practice ensures the integrity of data transmissions within the digital footprint it is supposed to keep.

The Final letter in the acronym A stands for availability which means that data needs to maintain its accessibility for all parties authorized to access it. Practicing This includes maintaining hardware that safeguards essential data and keeping up backups if needed to maintain its integrity. Part of this is ensuring we maintain authentication procedures and that authorization remains current.

The most preferred method in Cyber security is a 2-factor authorization. When someone has to access data for the first time or on a device that the setup does not recognize, the user has to give either an Inherence factor, a knowledge factor or a locational factor. Two of these conditions must be authenticated for two-part authentication to access data, which is called authentication. Two-part authentication ensures that the person requesting the data is who they say they are. When access to data is set up, authorizations must be established so the program or factors can determine what users can and cannot access the data.

What are authentication and authorization? In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to. (Author docs, by Okita), https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization

These simple steps are a staple of good Cyber Security, and are steps put in place by companies following the CIA Triad.

Human relationships rely on trust, which is why the true history of authentication extends back long before the first written documents referencing it. I suspect that as early as humans formed tribes, they found ways to “authenticate” each other at night using specific sounds or watchwords. At the very least, Roman soldiers used watchwords regularly during the late B.C. and early A.D. periods. (Nachreiner, Corey Geek Wire, September 22, 2018)

Now in today society we no longer can rely on such dated methods due to information transferred at lighting speeds between users via the internet. Network security had to evolve its methods in authenticating and authorization its information due to the amount of people with access to the web. In the Cyber Security realm our procedures had to be constantly updated to keep up with hackers trying to commit cybercrimes.

Work Cited

(Justice Department, April 12, 2022)

 (Author docs, by Okita), https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization

(Nachreiner, Corey Geek Wire, September 22, 2018)