The CIA triad is the model that represents the best way to develop and strengthen policy and security in information technology. CIA stands for confidentiality, integrity, and availability. Together, these three elements ensure the best possible measures for identification and authorization and lead to their improvement. This write-up describes the CIA triad and the difference between authorization and authentication.
Confidentiality, Integrity, and Availability
Confidentiality limits access to specific data to the people who have the special privilege to access it and blocks out the people who don't. Keeping unauthorized users out of your database is the best way to increase confidentiality; this includes preventing carelessness or using asymmetric encryption. Integrity is the idea of maintaining data in a safe place to prevent accidental modification or modification with malicious intent. It also includes the importance of being able to reverse any damage or modifications by backing up online via backup disks or offline to tapes. The importance of being able to access the data when needed is called availability. Being able to authorize access for the right users is just as important as being able to block out the users who aren't authorized to access the data.
Authorization
Authorization is being able to determine who has access to data by mechanisms that match access levels and information lists to an entry list. It is necessary to verify access and the authorization of specific functions on data, which increases confidentiality. Symmetric and asymmetric encryption are examples of authorization. Symmetric encryption uses one key to encrypt and decrypt data, which makes the data easier to access, since only one key needs to be obtained for entry. Asymmetric encryption uses two keys, a public and a private key, and both keys are required to be authorized.
Authentication
Authentication is the process of a system determining that the user trying to access data is who they say they are. Access control systems simplify and improve security by authenticating user profiles and user IDs, so the system knows who you are before you can access data. Two-factor and multi-factor are examples of different types of authentication. Two-factor requires another layer of authentication, such as a password and Duo Mobile. Multi-factor requires more than two ways of authentication, for example, a password, a smart card, and a fingerprint. The more steps of authentication available, the more secure your data is.
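The difference between the two checks, as an added example that is not part of the original write-up: authentication verifies a password plus a time-based one-time code, and only then does authorization match the user's access level against an access list. The accounts, passwords, keys and the `payroll.db` resource are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

LEVELS = {"read": 1, "write": 2}  # access levels; higher means more privilege

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code (HMAC-SHA1), the second factor."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample accounts and access list (not real data).
USERS = {
    "alice": {"salt": b"salt-a", "pw": hash_password("alice-pass", b"salt-a"),
              "otp_key": b"alice-otp-key"},
    "bob": {"salt": b"salt-b", "pw": hash_password("bob-pass", b"salt-b"),
            "otp_key": b"bob-otp-key"},
}
ACL = {"payroll.db": {"alice": "write", "bob": "read"}}  # resource -> user -> level

def authenticate(user: str, password: str, code: str, now: int) -> bool:
    """Authentication: is this user who they claim to be? Both factors must match."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"])
    otp_ok = hmac.compare_digest(totp(rec["otp_key"], now).encode(), code.encode())
    return pw_ok and otp_ok

def authorize(user: str, resource: str, action: str) -> bool:
    """Authorization: does the user's level on the access list cover the action?"""
    granted = ACL.get(resource, {}).get(user)
    needed = LEVELS.get(action)
    return granted is not None and needed is not None and LEVELS[granted] >= needed

def request(user, password, code, resource, action, now) -> str:
    """Run the identity check first, then the permission check."""
    if not authenticate(user, password, code, now):
        return "denied: authentication failed"
    if not authorize(user, resource, action):
        return "denied: not authorized"
    return "granted"
```

A user can pass authentication and still be refused: `bob` proves his identity with both factors but holds only `read` on `payroll.db`, so a `write` request is denied at the authorization step.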