CIA Triad

Amanda Coleman
CYSE 200T
09/14/2025
Professor T. Duvall

The CIA Triad in Cyber Security

BLUF: This report defines the concept of the CIA triad and the difference between
Authentication and Authorization.

“The concept of the CIA triad formed over time and does not have a single creator” (W. Chai). The CIA triad is a cybersecurity framework used by IT professionals to effectively manage information security. It consists of Confidentiality, Integrity and Availability.

Confidentiality
Confidentiality means keeping the information secure from persons or entities not allowed
access to it. The more valuable the information, the more access to it is restricted. Maintaining
confidentiality reduces the risk of both insider and outsider threats. Confidentiality can be
achieved through user access controls, password protection or two-factor authentication.
Access previously given to former employees should also be promptly revoked.

Integrity
Integrity is the reliability and accuracy of the information. As data is transmitted, it must be
protected from modification by unauthorized parties or damage to files. For example, a cash
transaction done via a money transfer app must ensure that the intended recipient gets the
amount transferred, and an encrypted email should contain the correct data while being sent
securely. Integrity also entails keeping data properly backed up so it can be retrieved in the event of
a system shutdown and operations can resume.

Availability
Availability means ensuring that all parties that are allowed to access the data can do so
anytime that data is needed. The system must maintain functionality during its high traffic times
and give adequate notice when a temporary shutdown is needed for maintenance. For example, when a
bank’s main website has scheduled maintenance, the mobile app should be available for
customers to access their account information securely and the physical branches should
operate normally.

Authorization vs Authentication
Authorization describes entities that have been given express permission to access
information. These parties can be customers or owners of the data or employees with a
need-to-know position. In a military organization, authorization to access information is determined
by the level of clearance assigned to the personnel. Authentication is the process by which prior
authorization is verified and protected. Many businesses use multiple factors when creating
user accounts to reduce the risk of accidental or intentional breach of access controls. These
can include the use of biometrics or security codes as a second layer of protection after the
correct password is entered.

Conclusion:
The CIA triad is the foundation of a strong cyber security framework. It encompasses all the
areas from which threats can arise and gives rise to a well-rounded approach to information
security.

References:
“What is the CIA triad? Definition. Explanation. Examples.” Wesley Chai
Google AI search
https://www.google.com/search?q=cia+triad&oq=CIA+&gs_lcrp=EgZjaHJvbWUqCggDEAAYsQMYgAQyBggAEEUYOTIKCAEQABixAxiABDINCAIQABiDARixAxiABDIKCAMQABixAxiABDIKCAQQABixAxiABDIHCAUQABiABDIHCAYQABiABDINCAcQABiDARixAxiABDIKCAgQABixAxiABDIHCAkQABiABNIBCTk4MjRqMGoxNagCCLACAfEF6R6ziAA-JUnxBekes4gAPiVJ&sourceid=chrome&ie=UTF-8
