CIA triads

The Principles

            The CIA triads is an information security model essential in cybersecurity as it supplies vital security features. It guides organization’s efforts and policies that focus on keeping its data secure. There are three principles that break down the CIA Triads: The Cstands for Confidentiality: Only authorized and processes should be able to access or change data. The Iis for Integrity: In which the data should be kept in a correct state and nobody should be able to improperly change it, either accidentally or maliciously. Finally, the A stands for Availability: Authorized users should be able to access data whenever they need to do so. These principles are top priority for infosec professional. (Fruhlinger,2020)

History Behind the CIA Triad

            The formations of the CIA triad are unlike other organizations concepts in infosec, it developed over time. Ben Miller, a VP a cybersecurity firm Dragos, traces back in a blog early mentions of the three components of the triad. His thoughts on the concept of confidentiality was formed in 1976 U.S Air Force study, the idea od integrity was put out in a 1987 paper the noticed that commercial computing had needs around accounting records that required focus on data correctness. Availability is more challenging to pin down, the idea sprung when in 1988 the Morris worm, one of the first widespread pieces of malware, kilt a significant portion of the internet offline. It’s not fully clear when the three concepts began, but it seems to have been established as a concept by 1998, when Donn Parker, in his book ‘’ Fighting Computers Crime”, extending it into a six-element framework called Parkerian Hexad.

Authentication & Authorization

Authentication and Authorization used and respect the knowledge of security that allows the safety on automatic data systems. However, both terms are completely different from one another. Authentication identifies the users that are checked in and provides them access into the system. A school ID is an example of how authentication is used when signing into the computer or portal user would need their usually login details. While authorization takes place after the authentication process it decides what permission does the user have. With the same example students are granted limited access like being unable to change grades with their school ID.(MKS075,2020)

Conclusion

The CIA triad is useful, but there are plenty other infosec experts who say that it does not cover everything. It is all about information and considered the core factors of cybersecurity. However, implementing the triad is not just a matter of buying certain tool. The triad is a way of thinking, planning, and most importantly setting priorities. Industry standard cybersecurity frameworks like the one from NIST are informed by the ideas behind the CIA triad, though each has its own particular emphasis.