The CIA Triad, a core idea in information security, consists of three key principles:
confidentiality, integrity, and availability. While integrity ensures that data is
accurate and reliable throughout its lifespan, confidentiality makes sure that only
authorized parties may access sensitive information. Availability guarantees that
data and resources are available when required. In the field of security,
authorization and authentication are two separate but connected ideas.
Authentication uses credentials, such as passwords or biometric information, to
confirm the identity of people or entities gaining access to a system. For instance, a
user must authenticate themselves by inputting their username and password when
they log into their email account. However, the activities or actions that
authenticated users are allowed to carry out within the system are determined by
authorization. It outlines permits and roles-based access privileges. Depending on
their allocated rights, the user in our email example may be allowed to read, write,
or delete emails following authentication. Both authorization and authentication are
essential for protecting sensitive data and preserving system integrity. While
authentication verifies identity, authorization establishes what may be done.