Understanding the CIA Triad

Brenda Fontana
What is the CIA Triad and when do we need it?
The CIA Triad is the foundation of information security. It highlights confidentiality,
integrity, and availability, and provides a framework with policies to guide organizations
(Hashemi-Pour & Chai, 2023). Confidentiality involves ensuring privacy by limiting access to
sensitive information, with methods such as encryption, access controls, and user training.
Integrity focuses on maintaining data accuracy and trustworthiness, with techniques such as
version control, checksums, and digital signatures to identify and prevent unauthorized
alterations. Availability guarantees that authorized users have consistent access to
information. All three principles together are considered the foundation of information security.
Authentication vs. Authorization
The concepts of authentication and authorization go together in most contexts of
information security. Authentication ensures users are who they claim to be, and upon
verification, authorization determines the level of access granted (Hashemi-Pour & Chai, 2023).
For instance, a user who logs in with a username and password (authentication) is then
authorized to view, edit, or delete files based on assigned permissions (authorization). An
example that I believe could apply to this is Canvas. It contains information, different users
who work within it, and active communication in various ways, and it is protected by
authentication and verification to log in; furthermore, depending on what role you have in the
platform or in the organization that controls it, you have different levels of access to the
information in it. Logging in from my account is not the same as logging in from a professor's
account.
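The two steps described above can be shown as separate checks. The following is an added example, not part of the original essay: the account names, passwords, role table, and status strings are constructed for illustration, and the two roles are assumed to be "student" and "professor".

```python
import hashlib
import hmac
import os

# Constructed role table: actions each role may perform (anything absent is denied).
ROLE_PERMISSIONS = {
    "student": {"view"},
    "professor": {"view", "edit", "delete"},
}

def hash_password(password, salt):
    # Salted, deliberately slow hash so stored credentials are costly to guess.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed accounts for the demonstration.
USERS = {
    "student1": make_user("correct horse", "student"),
    "prof1": make_user("battery staple", "professor"),
}
# Unknown usernames are checked against this record so they cost the same work.
_DUMMY = make_user("placeholder", "student")

def authenticate(username, password):
    """Authentication: return the username if the credentials are valid, else None."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time comparison
    # The dummy record must never grant access, even if its password is guessed.
    return username if ok and username in USERS else None

def authorize(username, action):
    """Authorization: may this already-authenticated user perform the action?"""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def request(username, password, action):
    """Run both checks in order and report which one, if any, refused the request."""
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"
```

A valid student login is refused for "delete" by the authorization step, while a wrong password never reaches that step at all.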
Conclusion
In conclusion, the CIA Triad provides a framework for information security, emphasizing
confidentiality, integrity, and availability. Authentication and authorization, two important
components of this framework, contribute to securing systems that contain sensitive, private
information. Authentication establishes identity, while authorization dictates the level of access
that will be available to authenticated users, representing the principle of information security
that the system supports.
