Basil Ogbomoh
WRITE UP: CIA TRIAD
In the rapidly evolving landscape of information technology, ensuring the confidentiality, integrity, and availability of data has become paramount. The CIA triad is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity, and confidentiality). Confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized users. (Hashemi)
Confidentiality, the first pillar of the CIA Triad, emphasizes the protection of information from unauthorized access. It is common for the data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More stringent measures can then be implemented according to those categories. Integrity, the second pillar of the CIA Triad, revolves around the accuracy and reliability of data. It ensures that information remains unaltered and trustworthy throughout its lifecycle. Hash functions and digital signatures are instrumental in validating the integrity of data, enabling users to verify the authenticity of information. Data integrity is crucial in critical sectors such as finance, healthcare, and government, where the accuracy of information is paramount. The third and last pillar of the CIA Triad, availability, underscores the accessibility of information whenever needed. Redundancy, backup systems, and disaster recovery plans are integral components of maintaining availability. Availability involves properly maintaining the hardware, technical infrastructure, and systems that hold and display the information. In conclusion, the CIA Triad is a fundamental concept in information security that plays a crucial role in safeguarding digital assets and maintaining the overall integrity of systems and data. (Hashemi)
Authentication is the process of verifying the identity of a user, system, or device attempting to access a particular resource. It answers the question of “who you are” and involves presenting credentials, such as a username and password. The purpose of authentication is to ensure that the person requesting access is who they claim to be. Authorization is what occurs after authentication and involves granting or denying access rights and permissions. Authorization is based on the authenticated identity and determines the level of access the user has to specific resources or actions within a system. An example could be when a person is trying to log into the ODU portal: entering the credentials constitutes authentication. Once the user is authenticated, the system checks the user's authorization level, determining whether they have the right to view the account. (“Authentication vs Authorization – Article”)
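The two steps described above, shown as an added example that is not part of the original write-up: credentials are verified first, and only then is the verified identity checked against its access rights. The account name `student1`, the roles, and the permission names are constructed for illustration and do not describe any real portal.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so stored credentials are never plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions): one account and a role-to-permission map.
SALT = os.urandom(16)
USERS = {"student1": {"salt": SALT, "role": "student",
                      "pw_hash": hash_password("correct horse", SALT)}}
PERMISSIONS = {
    "student": {"view_own_account"},
    "registrar": {"view_own_account", "view_any_account"},
}

def authenticate(username: str, password: str):
    """Authentication: verify the claimed identity. Returns the username or None."""
    record = USERS.get(username)
    # Hash even for unknown users so both failure paths do similar work.
    salt = record["salt"] if record else bytes(16)
    candidate = hash_password(password, salt)
    if record and hmac.compare_digest(candidate, record["pw_hash"]):
        return username
    return None

def authorize(identity: str, action: str, account_owner: str) -> bool:
    """Authorization: decide what an authenticated identity may do. Deny by default."""
    perms = PERMISSIONS.get(USERS[identity]["role"], set())
    if action == "view_account":
        needed = "view_own_account" if account_owner == identity else "view_any_account"
        return needed in perms
    return False

def handle_request(username: str, password: str, action: str, account_owner: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"   # identity could not be verified
    if not authorize(identity, action, account_owner):
        return "403 not authorized"      # identity is known, but the access right is missing
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("student1", "correct horse", "view_account", "student1"))
    print(handle_request("student1", "correct horse", "view_account", "someone_else"))
```

The second call shows why the two checks are separate: the password is correct, so authentication succeeds, yet the request is still refused because the student role has no right to view another person's account.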
Works Cited
Wikipedia, https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view. Accessed 31 January 2024.
“Authentication vs Authorization – Article.” SailPoint, 3 March 2023, https://www.sailpoint.com/identity-library/difference-between-authentication-and-authorization/. Accessed 31 January 2024.
Hashemi, Cameron. “What is the CIA Triad? | Definition from TechTarget.” TechTarget, https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA. Accessed 31 January 2024.