Authorization V. Authentication

Posted by awigg008 on

The CIA triad is a venerable model in the development of security policies used in identifying areas, along with necessary solutions in the area of information technology. It is important to not get the CIA (CentralIntelligence Agency) confused with the CIA triad. The CIA in CIA triad stand for confidentiality, integrity, and availability. Confidentiality is making sure that secure data can only be accessed and/or modified by authorized users.Integrity is making sure that the data is being used for appropriate and ethical reasons, there should be all avoidance of unauthorized modifications no matter the reason. Availability is the ability for authorized users to be able to access the data whenever they need to access it. A good example of this is an ATM. It is confidential and keeps all the data of an individual’s account secure and require different forms of authentication. It shows integrity by making sure that it only allows transfers and other transactions between the user’s account only. And the bank is available for anyone at just about any time with 24-hour ATMs for even when the bank itself is closed.Authorization and authentication can be confused and mixed up, however there is a difference to them. Authorization includes the “who”. It is making sure that the right people have access to only what they have the authorization to access. An example of this is actually myself and the

student organization I am a part of, the Student Activities Council at OldDominion University. There is a special office for members of the StudentActivities Council and only the authorized directors can access it by swipingtheir card through the reader, those who are not authorized will get adenied access and the door will remain locked.Authentication is the process of identifying who someone is and willdetermine if they have access to what the individual is trying to access. Thiscan some in many forms, for example smartphone face recognition is anauthentication process, ID card scan for the Student Activities Counciloffice is an authentication process, as well as a pin and passcode is anotherauthentication process

Leave a Reply

Your email address will not be published. Required fields are marked *