The CIA Triad

Alexander Conrad
Professor Kirkpatrick
Fall CYSE 200T
BLUF
The CIA Triad is a common model used by information security teams in an organization
as a guide for finding and locating areas of concern. In terms of
authentication and authorization, authentication is proving you are who you say you are, and
authorization is the access granted once you have been properly authenticated.
What is the CIA Triad model
The CIA Triad, which stands for Confidentiality, Integrity, and Availability, is a common
model used by information security teams in an organization. This model is needed and helpful
as a guide for people in information security to find and locate areas of concern that are rooted in
the technology, such as viruses, hacks, or worms. Confidentiality is a set of rules that restricts
access to critical information that might be accessed in the business. These rules are designed to
protect sensitive information from being accessed improperly; this information could include
something integral to the company, and its exposure could damage it. Integrity is the guarantee that
the information provided is accurate and can be trusted. In addition, integrity means
making sure the data does not get tampered with by malicious parties, which is usually done with
intent to hurt the company, so it’s essential to encrypt data and only allow trustworthy
authorities. Availability is an assurance that the information can be accessed by the proper people
who have that authorization. This also involves maintaining hardware and technical systems to
make sure they are up to date to receive all the latest information. As mentioned in the Chai article,
the CIA triad is important because “Considering these three principles together within the
framework of the ‘triad’ can help the development of security policies for organizations.” (Chai
article, pg. 2). Even though this is just a common concept, it is a very important one for any
organization to have because it helps with the safety policies of sensitive information that could
otherwise be exploited or taken by malicious actors. According to Fortinet, “You should use the
CIA triad in the majority of security situations, particularly because each component is critical.”
(Fortinet). As shown, the CIA Triad is a very important tool for cybersecurity in an
organization or business, especially to prepare for and fight off attacks.
What is the difference between authorization and authentication
The difference between authorization and authentication is the difference between the ability to
access something and whether you are allowed to access that information. Authentication is more closely related
to the integrity part of the triad, because with authentication you have to prove who you are and
why you should be able to access this information. Authorization is closely related to the
confidentiality portion of the triad, where once you have authenticated, you can be authorized
to access that particular piece of information. One way to see both being used together is
multi-factor authentication: you have this system in place to protect your information or
accounts, and you first have to authenticate yourself before you can be authorized.
Example of CIA Triad
An example of the CIA Triad in practice would be an ATM. Confidentiality is
maintained by two-factor authentication, which would be the debit card or credit card and your
PIN, to authorize access to your account information. Integrity is maintained because the machine
connects directly to the bank and reflects any changes made to the account, keeping it up to date.
Availability means that if something happens to this particular machine, there are other ATMs
nearby, and the bank itself, where you could go to access the information.
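The ATM flow above, as an added example that is not part of the original essay: authentication (card plus PIN) is checked first, and authorization (what that card may do on which account) is checked only afterwards. The card ID, PIN, account names and balances are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: one card that may use acct-A but not acct-B.
_SALT = os.urandom(16)
CARDS = {"card-1001": {"salt": _SALT, "pin_hash": hash_pin("4821", _SALT)}}
PERMISSIONS = {"card-1001": {"acct-A": {"balance", "withdraw"}}}
BALANCES = {"acct-A": 500, "acct-B": 9000}

def authenticate(card_id: str, pin: str) -> bool:
    """Authentication: prove identity with the card (have) and the PIN (know)."""
    card = CARDS.get(card_id)
    if card is None:
        return False
    candidate = hash_pin(pin, card["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, card["pin_hash"])

def authorize(card_id: str, account: str, action: str) -> bool:
    """Authorization: may this already-authenticated card do this action?"""
    return action in PERMISSIONS.get(card_id, {}).get(account, set())

def withdraw(card_id: str, pin: str, account: str, amount: int) -> str:
    if not authenticate(card_id, pin):
        return "denied: authentication failed"
    if not authorize(card_id, account, "withdraw"):
        return "denied: not authorized"
    if amount <= 0 or amount > BALANCES[account]:
        return "denied: invalid amount"
    BALANCES[account] -= amount  # the account reflects the change immediately
    return f"ok: new balance {BALANCES[account]}"

if __name__ == "__main__":
    print(withdraw("card-1001", "0000", "acct-A", 100))  # wrong PIN
    print(withdraw("card-1001", "4821", "acct-B", 100))  # right PIN, wrong account
    print(withdraw("card-1001", "4821", "acct-A", 100))  # both checks pass
```

A correct PIN alone does not open acct-B: the card is authenticated but was never authorized for that account.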
Conclusion
The CIA triad is a very simple yet critical model that is used by organizations specifically
to maintain information in cyberspace. This model includes Confidentiality, which protects
the information; Integrity, which maintains the trustworthiness and accuracy of the
information; and Availability, which is the ability to access the information and keep it backed up in
case something happens to it during transit. This model also includes authorization, which is
access to the information that is being stored, and authentication, which is the ability to prove who
you are and that you are supposed to access said information. Each letter represents an important
principle in cybersecurity and information security because when all the concepts are brought
together they can provide a strong defense against any malicious actors.
References:
The Chai Article about the CIA Triad
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view?usp=sharing
What is the CIA Triad and Why is it important?. Fortinet.com. Retrieved September 17, 2023, from
https://www.fortinet.com/resources/cyberglossary/cia-triad#:~:text=The%20three%20letters%20in%20%22CIA,and%20methods%20for%20creating%20solutions.
