The CIA triad is a framework that is supposed to aid organizations when setting goals, policies, and security for the company. It was created by a man named Ben Miller who is a vice president at cybersecurity firm dragos. (Fruhlinger, 2020, pg. 1). There are three main components that makeup the CIA triad: confidentiality, integrity, and availability. Confidentiality focuses on only allowing the right personnel to modify and have access to data. The second element, integrity, prioritizes that data should not be tampered with whether on accident or intentionally. Availability addresses on granting access to the authorized users at any time when needed. All of these concepts should be looked at as a whole, rather than individual ideas, when a company is addressing how to allocate their funds when planning to buy software and equipment. The main difference between authentication and authorization is that authentication is the process of establishing the validity of a user by having the user have physical evidence like a security token or a device. On the other hand, authorization is the action of determining who has access to what extent of data being presented. Being authorized doesn’t imply the user will be able to access all the data. One example that uses both authentication and authorization is the DUO mobile application. When you login to MyOdu.com with your Old Dominion University login credentials, it will then ask you to either send a push notification to the user’s mobile device or a six-digit code sent to the device that needs to be typed in order to help authenticate it is the right user.However, it will only grant limited access to their account like their classes / grades and not their bank account information or any other personal data.

References:

Fruhlinger, Josh. (2020). The CIA triad: Definition, components, and examples. IDG Communications, Inc. pg. 1-5. https://drive.google.com/file/d/1Mn3icTLG5X3W7tJjuDaohW8OscHdLOQI/view