The CIA Triad

The CIA Triad is a security model for keeping data secure, and it aligns an organization’s policies and procedures toward that goal. The letters of the acronym describe its purpose. Confidentiality limits the handling and modification of data to those who are authorized. Integrity guards against unnecessary or inappropriate modification, whether accidental or malicious. Availability ensures that those who are authorized can access data at all times. These factors “overlap and can sometimes be in opposition to one another, which can help in establishing priorities in the implementation of security policies” (Fruhlinger, 2020, p. 1). The CIA Triad has no single originator or creator, as it developed over time; its purpose was to provide a better and more concrete strategy for securing data. Ben Miller, a VP at the cybersecurity firm Dragos, mentions the three components of the triad in a past blog post. Miller believes “the concept of confidentiality in computer science was formalized in a 1976 U.S. Air Force study, and the idea of integrity was laid out in a 1987 paper that recognized that commercial computing, in particular, had specific needs around accounting records that required a focus on data correctness” (Fruhlinger, 2020, p. 3). Together, the Triad’s components make it easier to assemble useful tactics for monitoring data.

The differences between authentication and authorization are as follows. Authentication is the mechanism by which a system identifies whether a user is truly who they claim to be. This includes passwords and “the panoply of techniques available for establishing identity; biometrics, security tokens, cryptographic keys, and the like” (Fruhlinger, 2020, p. 3). Authorization is different: it determines who is permitted, or has the right, to access data. A system simply knowing who you are does not automatically grant you access to data. Authorization enforces confidentiality within data security through “need-to-know mechanisms for data access; that way, users whose accounts have been hacked or who have gone rogue can’t compromise sensitive data” (Fruhlinger, 2020, p. 3).

A good example of authentication and authorization mechanisms is the two-step authentication on a University account. This involves a separate verification app tied to a personal mobile phone number. The University account requires a password but also requires a second verification. Additionally, if there is no activity on the account for more than 15 minutes, the account logs out and the steps must be completed again.
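The distinction between the two previous paragraphs, as an added illustration that is not part of the original essay: a user proves identity with a password plus a simplified second-factor code, an idle session expires after the 15 minutes described above, and an authenticated user is still refused data they have no need-to-know grant for. User records, the access table, and the HMAC-based code generator are constructed assumptions, not the University’s real system.

```python
import hashlib, hmac

IDLE_TIMEOUT = 15 * 60  # seconds: the 15-minute inactivity logout from the essay

def _hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the store never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store (hypothetical data): hashed password,
# per-user second-factor secret, and a role used for authorization.
_SALT = b"constructed-salt"
USERS = {
    "alice": {"pw": _hash_pw("correct horse", _SALT), "secret": b"alice-2fa", "role": "registrar"},
    "bob":   {"pw": _hash_pw("hunter2", _SALT),       "secret": b"bob-2fa",   "role": "student"},
}
# Need-to-know table: which roles may read each record (authorization, not identity).
ACCESS = {"transcripts": {"registrar"}, "course_catalog": {"registrar", "student"}}

def second_factor_code(secret: bytes, now: float) -> str:
    """Simplified TOTP-style code: HMAC of the 30-second time step (illustrative, not RFC 6238)."""
    step = int(now // 30).to_bytes(8, "big")
    digest = hmac.new(secret, step, "sha256").digest()
    return str(int.from_bytes(digest[-4:], "big") % 1_000_000).zfill(6)

def authenticate(user: str, password: str, code: str, now: float):
    """Authentication: prove identity with password AND second factor. Returns a session or None."""
    rec = USERS.get(user)
    if rec is None:
        return None
    pw_ok = hmac.compare_digest(_hash_pw(password, _SALT), rec["pw"])
    code_ok = hmac.compare_digest(code, second_factor_code(rec["secret"], now))
    if not (pw_ok and code_ok):
        return None
    return {"user": user, "last_activity": now}

def authorize(session, resource: str, now: float) -> str:
    """Authorization: an identified user still needs a need-to-know grant; idle sessions expire."""
    if session is None or now - session["last_activity"] > IDLE_TIMEOUT:
        return "re-authenticate"  # knowing who you were 16 minutes ago is not enough
    session["last_activity"] = now
    role = USERS[session["user"]]["role"]
    return "allowed" if role in ACCESS.get(resource, set()) else "denied"
```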

An example of the CIA Triad as mentioned in the text is an ATM. The machine provides confidentiality by requiring a physical card and a PIN. Integrity is demonstrated by recording transfers or withdrawals made at the ATM in the actual bank records, where they can be viewed at any time. Lastly, availability is provided because there are many ATMs within easy reach, which is especially useful when physical banks are closed.

References:

Fruhlinger, J. (2020). The CIA triad: Definition, components and examples. Google Drive. Retrieved March 15, 2022, from https://drive.google.com/file/d/1Mn3icTLG5X3W7tJjuDaohW8OscHdLOQI/view
