The C.I.A. Triad: The Pillars of Cybersecurity  

            In this write-up, we will look at the Confidentiality, Integrity, and Availability Triad, an organizational model used in the CYSE industry to help guide policies and system designs.   

CIA Triad Overview 

            The CIA Triad is an organizational model used in the field of cybersecurity to help “identify and reduce vulnerabilities in security systems” and guide policy-making decisions within information security organizations (University of Tulsa, 2024). The triad is made up of three key principles: Confidentiality, Integrity, and Availability. According to Chai (2022), Confidentiality is roughly equivalent to privacy: confidentiality measures are put into place to prevent unauthorized access. To follow this principle, access is restricted to only those who are authorized to view sensitive information or data. One way companies implement this pillar is by requiring two-factor authentication (2FA) on sensitive accounts. Integrity relates to reliability within this triad. When information is accessed, it should be unaltered, accurate, and reliable in representing what it means. There should be a basis of “consistency, accuracy, and trustworthiness” regarding the data when it is viewed (Chai, 2022). One way this is done is by using various controls like version control, access control, and security control. While the other two pillars focus on creating a sense of security within the cybersecurity community, the third pillar of availability focuses on “ensuring uninterrupted access to data” by allowing authorized parties to access their information as they need. This principle is based on the concept of providing access both readily and consistently.

            One way users experience availability every day is by being able to access a website or log in to a service whenever needed; some websites take this a step further by offering AI or human problem assistance 24/7 as well.

Authentication vs. Authorization 

            In the cybersecurity community, when it comes to accessing data, there are two words people mix up: authentication and authorization. There is a very simple difference between the two concepts. Authentication is the process of making sure a user is who they say they are; it is a process that verifies one’s identity. Authorization “is about determining a user’s level of access and then granting access based on that level”; it’s like your clearance level (Fortinet, n.d.). As a real-world comparison, when you go to the airport and check in with security, you are authenticating your identity; however, when you get to your boarding gate and show your plane ticket, you are then being authorized access to a specific flight. Another example in the cyber context is when you log in to a website: by using your unique login, you are being authenticated. By having an account, you are then authorized access to specific areas within the site.
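
The distinction above, as an added example that is not part of the original write-up: a small Python login flow in which authentication (a password check) and authorization (a role check) are separate steps, so a correctly logged-in user can still be refused a page. The account names, passwords, roles and paths are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def _derive(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "role": role}


# Constructed sample accounts and permissions (hypothetical names).
USERS = {
    "alice": _make_user("correct horse battery staple", "admin"),
    "bob": _make_user("tr0ub4dor&3", "member"),
}
PERMISSIONS = {
    "admin": {"/profile", "/admin/users"},
    "member": {"/profile"},
}
_DUMMY = _make_user("unused", "none")  # hashed for unknown users so timing stays similar


def authenticate(username: str, password: str) -> bool:
    """Authentication: is this user who they claim to be?"""
    record = USERS.get(username, _DUMMY)
    candidate = _derive(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return matches and username in USERS


def authorize(username: str, resource: str) -> bool:
    """Authorization: may this already-identified user reach the resource?"""
    role = USERS[username]["role"]
    return resource in PERMISSIONS.get(role, set())


def handle_request(username: str, password: str, resource: str) -> int:
    """Return an HTTP-style status: 401 = not authenticated, 403 = not authorized."""
    if not authenticate(username, password):
        return 401
    if not authorize(username, resource):
        return 403
    return 200
```
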

Conclusion 

            All three principles discussed above make up “foundational and crucial cybersecurity needs” and these principles all work together to provide a secure and user-safe cyber environment (Chai, 2022). Without these principles, the realm of cybersecurity would be much less safe and much less structured. The implementation of these pillars in our everyday digital interactions allows us to make use of the technology around us without any worry or fear. Understanding these principles and the distinction between authentication and authorization will allow you to develop a deep understanding and appreciation for the cybersecurity practices that surround us.

References 

Authentication vs. Authorization: Key Differences | Fortinet. (n.d.). Fortinet. https://www.fortinet.com/de/resources/cyberglossary/authenticationvsauthorization#:~:text=Authentication%20is%20a%20process%20to,access%20based%20on%20that%20level.

What is the CIA triad? (2024, January 4). The University of Tulsa. https://online.utulsa.edu/blog/what-is-the-cia-triad/

Chai, W. (2023, December 21). What is the CIA triad (confidentiality, integrity and availability)? WhatIs. https://www.techtarget.com/whatis/definition/ConfidentialityintegrityandavailabilityCIA 
