Aliyah Morales

Old Dominion University

CYSE 200 Cybersecurity and Social Science

September 17, 2023

What is the CIA Triad?

The CIA triad is a core concept and the foundation of information security and cybersecurity. CIA stands for Confidentiality, Integrity, and Availability. The goal of the CIA triad is to create a security framework for information security around those three goals. These three core principles collectively help organizations ensure the protection and proper management of their data and information systems. The first part of the triad is confidentiality, which is to ensure that sensitive information is kept private and accessible only to authorized individuals or entities. The second goal of the triad, integrity, is to maintain the accuracy, reliability, and consistency of data and information systems. It involves preventing unauthorized or unintended changes to data, whether deliberate or accidental. The last part of the triad, availability, is to ensure that information and resources are accessible and usable when needed. According to the Splunk website, the CIA triad, as useful as it is, does need to be updated as technology changes. Splunk recommends extending it, stating that “authentication is your systems’ ability to confirm an identity. Non-repudiation or accountability is when your systems are able to confirm the validity of something that occurs over the system. It further assures the information’s origins and integrity.” (Splunk, 2023). The view of adding additional terms to the CIA triad is one that is being backed by NIST.

Authentication versus Authorization

The difference between authentication and authorization is that authentication is the process of verifying the identity of a user or system trying to access a resource, while authorization is when the user is given permission to access data or a system. An example of authentication is when a person enters their username and password and then gets a verification code on their phone, which authenticates that they are who they appear to be. An example of authorization is what the user can do once the authentication process is complete and access has been granted.
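The two steps described above can be kept apart in code, as in the following added example (not part of the original essay). The user "alice", the role and permission names, and the in-memory stores are constructed assumptions, and the one-time code stands in for the verification code sent to a phone.

```python
import hashlib
import hmac
import os
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: the user, roles and permission names are assumptions.
SALT = os.urandom(16)
USERS = {"alice": {"salt": SALT, "role": "student",
                   "pw_hash": hash_password("correct horse battery", SALT)}}
PERMISSIONS = {"student": {"grades:read"},
               "instructor": {"grades:read", "grades:write"}}
PENDING_CODES = {}   # username -> one-time code awaiting confirmation
SESSIONS = {}        # session token -> authenticated username

def start_login(username: str, password: str):
    """Authentication, factor 1: verify the password, then issue a code."""
    user = USERS.get(username)
    # Hash even for unknown users so both failures take similar time.
    salt = user["salt"] if user else bytes(16)
    candidate = hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["pw_hash"]):
        return None
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_CODES[username] = code
    return code  # a real system sends this to the phone, never to the caller

def finish_login(username: str, submitted: str):
    """Authentication, factor 2: the code is single use, even when wrong."""
    code = PENDING_CODES.pop(username, None)
    if code is None or not hmac.compare_digest(code.encode(), submitted.encode()):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def access(token: str, permission: str) -> int:
    """Authorization: decide what an authenticated identity may do."""
    username = SESSIONS.get(token)
    if username is None:
        return 401  # not authenticated: we do not know who this is
    role = USERS[username]["role"]
    if permission not in PERMISSIONS.get(role, set()):
        return 403  # authenticated, but not authorized for this action
    return 200
```

The 401 and 403 results mark the boundary between the two concepts: the first means identity was never confirmed, the second means identity is confirmed but the permission is missing.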

Conclusion

The CIA Triad – Confidentiality, Integrity, and Availability – is the foundation of information security. While it remains vital, the ever-changing landscape of technology demands its evolution. Adapting to emerging security challenges, including concepts like authentication and non-repudiation, ensures that the Triad continues to provide robust protection for data and information systems in our tech-driven world.

References

Splunk. (2023, January 11). Is the CIA triad relevant? Confidentiality, integrity & availability today. Splunk. https://www.splunk.com/en_us/blog/learn/cia-triad-confidentiality-integrity-availability.html
