CIA Triad

Austin Hildenbrand
09/15/24

The CIA triad is the set of fundamentals that every technology department and
company should use. The triad consists of three disciplines: Confidentiality, Integrity, and
Availability. Each of these disciplines is designed to guide policies for information
security within a company (Chai Article, 1).
Confidentiality
Confidentiality concerns the security of sensitive information. This can include, but
is not limited to, guarding against unauthorized access attempts. This discipline includes
a set of rules under which sensitive information is secured from unauthorized personnel.
Integrity
Integrity is the organization’s responsibility to keep the data in use up to date
and unaltered. Integrity assures that sensitive information is uncorrupted and can only be
altered by authorized personnel. It is the set of guidelines that companies follow to
ensure that information in transit is secured and cannot be accessed by
unauthorized personnel (Chai Article, 2).
Availability
Availability is the consistency with which information is accessible to authorized
personnel (Chai Article, 2). For example, if someone wishes to access their routing or
account number via a website, then that information should only be accessed by the user
and provider.
Differences and Similarities
Many users of the CIA triad struggle with the interdisciplinary concepts of Availability
because of the confusion between Authentication and Authorization. Authentication is the
verification of a user or provider, while Authorization is the system’s access privileges
given to the authorized personnel (The CIA Triad, Authentication, and Authorization, 1). A
good way to simplify this is how a rectangle can be a square, but a square can’t always be
a rectangle. Authentication determines that the user is who they say they are. Authorization
then follows the guide of Availability into the system’s permissions and allows the user to
access the information.
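The difference between the two checks, as an added example that is not part of the original essay: a request is first authenticated (identity) and only then authorized (permission for one action). The user names, passwords, permission strings and response strings are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "permissions": permissions}

# Constructed sample accounts (hypothetical names, passwords and permissions).
USERS = {
    "alice": _make_user("correct horse battery", {"account:read", "account:update"}),
    "bob": _make_user("tr0ub4dor&3", {"account:read"}),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    user = USERS.get(username)
    # Hash even for unknown users so both paths take similar time.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return user is not None and hmac.compare_digest(candidate, user["hash"])

def authorize(username: str, permission: str) -> bool:
    """Authorization: may this verified identity perform this action?"""
    user = USERS.get(username)
    return user is not None and permission in user["permissions"]

def handle_request(username: str, password: str, permission: str) -> str:
    """Run both checks in order and report which one decided the outcome."""
    if not authenticate(username, password):
        return "401 authentication failed"
    if not authorize(username, permission):
        return "403 authenticated but not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery", "account:update"))
    print(handle_request("bob", "tr0ub4dor&3", "account:update"))
    print(handle_request("bob", "wrong password", "account:read"))
```

The second request is the case that separates the two terms: the identity is verified, yet the action is refused because the account lacks the permission.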
Why is the CIA Triad Important?
The domains of the CIA triad work together and complement each other,
because if one were to fail, then the entire operation would fail. The Chai article says
“Confidentiality, integrity, and availability together are considered the three most
important concepts within information security.” When conducting business, the user’s
and provider’s information needs to stay secure and reachable, no matter the kind of
business being conducted.
Examples of Each Domain
With Confidentiality, the information of the user and/or provider needs to stay
safe. One way to prevent breaches is to require Multi-Factor Authentication, where the human
user must supply the required credentials and also a piece of information they know, like
their dog’s name or an old address. This creates a more secure authentication and keeps
information confidential.
The guidelines of Integrity ensure the security of information in transit and at rest, which
can be secured by system permissions. Companies must ensure that information stays
secured while in transit to the user. The provider must also perform data checks to ensure
that data at rest has not been altered and/or is still accessible.
Availability is involved in each discipline of the triad; examples include, but are not
limited to, server crashes or a user being locked out by another party, such as a black-hat
hacker. It is the provider’s responsibility to ensure the required information is accessible,
and if it’s not, then it’s the provider’s responsibility to fix it.
Conclusion
The CIA Triad is the set of basic guidelines that a company or provider must follow in order
to ensure the security of information technology. The interdisciplinary requirements of
each domain intertwine, but it’s important for the company to distinguish each domain and
maintain stability within the triad. Ultimately, it’s the provider’s responsibility to keep all
of the disciplines intact in order to properly conduct business with a user. If one of
these domains fails, then the provider must resolve it.

Works Cited
Chai Article, 06-28-2022
What is the CIA Triad_ Definition, Explanation, Examples – TechTarget.pdf – Google Drive
The CIA Triad, Authentication, and Authorization, 04-19-2022
The CIA Triad, Authentication, and Authorization | Ryan Moss (odu.edu)
