The CIA Triad is the core model of information security: confidentiality, integrity, and availability. These three principles form the foundation of information security, but the triad does not fully function without authentication and authorization. The two can be confusing, but they are different. Authentication is the verification of user identity. Authorization grants permission to the user. Both are layers of security that uphold the CIA Triad.
Confidentiality protects data, keeping it secure from unauthorized access. It protects sensitive information such as personal data, financial records, and classified data. An example is a hospital using encryption to protect patient medical records. Integrity ensures that data is accurate and complete. Its purpose is to maintain reliable data that can be accessed by authorized personnel. Data integrity is what makes your bank statement an accurate reflection of your purchases. Availability is having the data you need at the moment you need it. It keeps network software and data properly maintained, functional, and available for use. An example of availability at work is being able to access your email and different apps from your cell phone at any time of the day.
Authentication and authorization are tools that directly impact the CIA Triad. Authentication, which verifies the identity of users through passwords, biometrics, and multi-factor authentication, directly supports Confidentiality. Authorization determines what actions authenticated users can perform, and it also supports Confidentiality by restricting data access to users based on their authorization level. Both ensure Integrity by limiting data editing to authorized users, and Availability by granting authorized access to the system, enabling updates to software, and maintaining network availability.
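
To make the difference between the two checks concrete, the following Python sketch is an added example, not part of the original text. It reuses the hospital record scenario; the user names, passwords, roles, record contents and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; the iteration count is an example setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data: three users, their roles, and one patient record.
USERS = {
    "dr_lee": make_user("correct horse battery", "physician"),
    "nurse_ona": make_user("violet anchor window", "nurse"),
    "clerk_kim": make_user("staple tomato ladder", "billing"),
}
PERMISSIONS = {"physician": {"read", "write"}, "nurse": {"read"}, "billing": set()}
RECORDS = {"patient-001": "allergy: penicillin"}

def authenticate(username: str, password: str):
    """Authentication: is this really the user they claim to be?"""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash(password, user["salt"])
    # compare_digest compares the two hashes in constant time.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(username: str, action: str) -> bool:
    """Authorization: may this verified user perform this action?"""
    return action in PERMISSIONS.get(USERS[username]["role"], set())

def access_record(username, password, action, record_id, new_value=None):
    identity = authenticate(username, password)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, action):
        # Blocking reads protects Confidentiality; blocking writes protects Integrity.
        return "denied: not authorized"
    if action == "write":
        RECORDS[record_id] = new_value
        return "ok: updated"
    return RECORDS[record_id]
```
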
In conclusion, the CIA Triad of Confidentiality, Integrity, and Availability is the foundation of information security: it protects the data, ensures the data is accurate, and maintains the system for availability. Authentication verifies the identity of users with multi-factor authentication. Authorization is the granting of privilege to access information or data. Together, they ensure protection against unauthorized access, authorized access for users, data accuracy, and system maintenance.