After reading the article and the research about the CIA Triad, including the differences between authentication and authorization, I found that the important thing people who work and study in the cyber and information security discipline must think about is the CIA Triad, an information security model that helps an organization that uses it manage and organize the protection of its information. It is not clear who created this model, but according to Ben Miller, a VP at the cybersecurity firm Dragos, he thinks each of the triad's principles came from a different source: a 1976 U.S. Air Force study (confidentiality), a 1987 paper on the specific need for correctness in accounting records (integrity), and the Morris worm, which blocked users from accessing the internet (availability). Because the creator is unclear, people who use this concept try to implement it in their own way.

The CIA Triad has three basic principles: 1. Confidentiality, 2. Integrity, and 3. Availability. These principles can overlap and are sometimes in opposition. For example, making information difficult to access supports confidentiality, but it can also have a bad effect on availability for the people who want to access the information. The model can help an organization manage priorities in its security policies.

First, confidentiality is the concept that ensures that only people who have authorization can access or modify the data. Restricting who can access data is important for safety in cybersecurity. Two critical things relate to confidentiality: 1. Authentication, the process by which the system confirms that you really are the person you say you are, for example with a password, biometrics, or cryptographic keys; and 2. Authorization, which is different from authentication: it is the process that determines which data a person is allowed to access. Some people may have authorization to access everything in the system, but usually people are authorized to access only the information they need to know. For example, if I am the electrician in the organization, I should have authorization to access only information about the electrical system or information that is useful for my work. This is a good approach because it decreases the risk and the effect when a user's account has been hacked. A loss of confidentiality can happen through a big data breach that lets someone who doesn't have authorization see the data.

Second, integrity is the concept of maintaining the correctness of the data and making sure that nobody changes or modifies the information improperly. In many ways, protecting confidentiality also protects integrity, because if people can't access the data, they cannot edit it and the data stays correct. A loss of integrity can happen when a malicious attacker attempts to alter or delete data. For example, a hacker hacks some business's website for fun.

Last, availability is the concept that people who have authorization are able to access data when they need it. The best way to make sure your data is available is keeping the system up and able to handle the expected network loads. A loss of availability can usually happen through a distributed denial-of-service (DDoS) attack that overloads your website so that it can't stay up.

Finally, we can see that the CIA Triad is a model for information security that helps organizations keep and secure their information, but it is not everything; it is just a useful tool for planning an information security strategy.