CIA Triad Write-Up


The three branches of the Triad

The concepts of confidentiality, integrity, and availability are represented in the CIA Triangle, which serves as a foundational model for information security. Each component is designed to protect systems and data. Confidentiality ensures that information is accessible only to those who are permitted to view it. This is achieved through methods such as encryption and access controls. Integrity focuses on ensuring that data remains accurate and unaltered, employing techniques like digital signatures, hashes, and checksums. Availability guarantees that systems and data are maintained and accessible, utilizing strategies such as redundancy, backups, and failover systems so that authorized users can access information and resources when needed.


In the realm of security, authorization and authentication are two distinct but interconnected concepts. Although they are often confused, they serve different purposes in ensuring secure access. Authentication is the process of verifying a user’s or system’s identity, answering the question, “Who are you?” Techniques for authentication include passwords, fingerprints, security tokens, and multi-factor authentication (MFA). For example, when you enter your username and password to log into your email account, the system compares this information with its records to verify your identity. This entire process is known as authentication.


On the other hand, authorization determines what an authenticated user or system is allowed to do, answering the question, “What can you do?” This involves setting permissions and access restrictions to ensure that users can only perform actions or access resources they are authorized for. For instance, after logging into your email account, you can view your inbox, compose emails, and adjust settings based on your user role. If you have administrator privileges, you may also be able to manage other user accounts. This is the authorization process.


When you access your online banking account, you must first authenticate yourself by entering your password and account number. The bank’s system verifies these credentials to ensure you are the legitimate account owner; this process is called authentication. After successful authentication, the system uses your account details to determine what actions you can take—such as transferring money or viewing your account balance—while restricting access to administrative functions like managing other user accounts. This determination of access rights is known as authorization.
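The banking flow above can be sketched in code. This is an added example, not part of the original write-up; the account numbers, passwords, role names, and status strings are constructed for illustration.

```python
import hashlib, hmac, os
from typing import Optional

# Constructed sample data: role names and actions are assumptions.
ROLE_PERMISSIONS = {
    "customer": {"view_balance", "transfer_money"},
    "admin": {"view_balance", "transfer_money", "manage_users"},
}
PBKDF2_ROUNDS = 200_000

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored credentials are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

USERS = {  # constructed accounts
    "1001": make_user("correct horse battery", "customer"),
    "9000": make_user("ops-team-passphrase", "admin"),
}
# Dummy record so unknown accounts cost the same work as known ones.
_DUMMY = make_user("placeholder", "customer")

def authenticate(account: str, password: str) -> Optional[str]:
    """'Who are you?' Return the account number if the credentials match."""
    user = USERS.get(account, _DUMMY)
    candidate = hash_password(password, user["salt"])
    ok = hmac.compare_digest(candidate, user["hash"])  # constant-time compare
    return account if ok and account in USERS else None

def authorize(account: Optional[str], action: str) -> bool:
    """'What can you do?' Deny by default, including unauthenticated callers."""
    if account is None or account not in USERS:
        return False
    return action in ROLE_PERMISSIONS.get(USERS[account]["role"], set())

def request(account: str, password: str, action: str) -> str:
    """Run both checks in order and report which one stopped the request."""
    identity = authenticate(account, password)
    if identity is None:
        return "401 authentication failed"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"
```

A customer with the correct password gets `200 ok` for `view_balance` but `403 not authorized` for `manage_users`, which shows that passing authentication does not by itself grant every action.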

Conclusion


In summary, authentication is the process of verifying an individual’s identity to ensure that they are who they claim to be. This typically involves methods such as passwords, biometric data, or security tokens. Once a user’s identity has been confirmed through authentication, authorization comes into play. Authorization determines what resources, actions, or information a user is permitted to access and interact with, based on their verified identity. Together, these two processes form a critical framework for maintaining security within systems and applications. Authentication protects against impersonation, while authorization helps prevent unauthorized access to sensitive data or functions. Both are essential for safeguarding systems from misuse and ensuring that users only access information relevant to their role or permission level.

