Authentication & Authorization within the CIA Triad

Introduction

The CIA Triad model is a measure used by organizations to effectively manage and safeguard sensitive information. The model is made up of three components: confidentiality, integrity, and availability. While each concept has its own importance, together the three make up major cybersecurity standards and values. Authentication and Authorization exist within the framework of the CIA triad as key factors and are used regularly, often without being noticed.

Relationship between Authentication and Authorization & the CIA Triad

The three components of the CIA triad are Confidentiality (the rules that limit access), Integrity (assurance that the information is accurate and true), and Availability (the guarantee that the information can be accessed by authorized persons). The CIA triad is essential in helping organizations avoid gaps or unnecessary steps within their security protocol. Authentication and Authorization are major elements of Confidentiality. Authentication verifies that the person attempting to access the information is who they say they are. Unauthorized access could lead to sensitive information being stolen or leaked. Password requirements, security access cards, PIN codes, and biometric data like face scans are everyday examples of authentication that an individual completes before accessing information. Authorization bases access to sensitive information on the access level of the individual user. A good example of authorization is parental controls on devices or streaming services. These controls allow parents to put restrictions on content for specified accounts or profiles to prevent their children from accessing adult content by accident. From an organizational standpoint, Authorization helps prevent insider threat actors from attempting to access important company information and potentially sharing it with competitors.

Conclusion

Authentication and Authorization are just two examples of cybersecurity concepts that interlink with the CIA triad. This triad comprises important foundational principles for organizations to ensure their information and data are properly maintained and protected. While the CIA triad is often used by companies, we see forms of Authentication and Authorization in everyday life, showing that cybersecurity best practices are always relevant.

