CIA Triad

CIA Triad and Authentication Versus Authorization

Brandon Zakaras

            Synopsis

            If a person who has never delved into the world of cybersecurity were to try to plan for all the different vulnerabilities that afflict organizations in today’s world, they would be massively overwhelmed. The CIA Triad gives both those with years of cybersecurity work under their belt and those who are just beginning a goal on which to focus their work in protecting their own items or their employers’ items. A triangle is a shape in which each point depends on the other two. This is why the CIA Triad is called a triad: it conveys that without even one of the three subjects, the ideal form of security is lost. The three topics covered by the CIA Triad are Confidentiality, Integrity, and Availability.

                 CIA Triad

                  The CIA Triad is a fundamentally important aspect of cybersecurity that every person should know if they plan to go into a field even related to the protection of digital assets. In this context, “CIA” does not stand for Central Intelligence Agency, but for the three main subjects to consider when setting guidelines for an asset. These three subjects are Confidentiality, Integrity, and Availability. While more subjects could be added to this list, these three are simple and applicable in many different areas, which makes them the best choice.

                 Confidentiality

                 Confidentiality is the first of the three subjects discussed by the CIA Triad. It makes sure that only the people who are meant to see the information actually see it. You do not want a bank account or Social Security number becoming public knowledge, so confidentiality is what you want for that information. Confidentiality is not only a cyber or electronic concern. If someone puts hundreds of dollars into encrypting and locking down data in the cyber world, but leaves a hard drive with all of the data out on a table, then that data’s confidentiality could very easily be compromised. Authorization and Authentication are both classified under Confidentiality, but they are very different from each other.

                  Authorization

                 Authorization is not the same thing as authentication. Authorization is focused on whether a person is allowed to view or change an item, and does not care about establishing who they are, so long as they are allowed to view it. Authentication usually has to come before authorization, as a computer cannot authorize a person to do something if it does not know who they are. Cryptography is an excellent way to do authorization, as only the person who has the crypto-key to the information should be able to view their information.

                Authentication

                Authentication is about making sure that a person is who they say they are. This is a pillar of confidentiality, because if a computer cannot tell who should and should not have access to an asset, then it is not good at keeping things confidential. One of the best ways to ensure authentication is two-factor authentication, because if the person is who they say they are, they will have access to the second factor.
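The two checks described in the Authorization and Authentication sections, as an added example that is not part of the original essay: identity is verified first with a password plus a time-based one-time code (two factors), and only a verified identity is looked up in an access list. The user, secrets, file name and function names are constructed for illustration.

```python
import hashlib, hmac, struct

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so stored passwords are not kept in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password per RFC 6238 (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample data; the user, secrets and file name are hypothetical.
SALT = b"constructed-salt"
USERS = {"alice": {"salt": SALT,
                   "pw": hash_password("correct horse", SALT),
                   "totp_secret": b"constructed-totp-secret"}}
ACL = {"payroll.csv": {"alice": {"read"}}}  # resource -> identity -> actions

def authenticate(user: str, password: str, code: str, now: float):
    """Authentication: return the verified identity, or None."""
    rec = USERS.get(user)
    if rec is None:
        return None
    pw_ok = hmac.compare_digest(hash_password(password, rec["salt"]), rec["pw"])
    code_ok = hmac.compare_digest(
        totp(rec["totp_secret"], now).encode(), code.encode())
    return user if (pw_ok and code_ok) else None

def authorize(identity, resource: str, action: str) -> bool:
    """Authorization: may this already-verified identity do this action?"""
    if identity is None:  # nobody verified, nothing to authorize
        return False
    return action in ACL.get(resource, {}).get(identity, set())

def request(user, password, code, now, resource, action) -> bool:
    # Authentication has to come first; authorization uses its result.
    identity = authenticate(user, password, code, now)
    return authorize(identity, resource, action)
```

A request can pass authentication and still be refused: here alice, fully verified, is allowed to read `payroll.csv` but not to write it.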

               Integrity

              Data integrity is imperative to cybersecurity. Cybersecurity personnel have to ensure that the integrity of their clients’ information is secure; otherwise their whole job is considered obsolete. There are many different ways that a piece of data can lose its integrity, both actively and passively. One way that a piece of data can lose its integrity is through electrically charged rays from the sun changing the code of a piece of data. Another way is active and purposeful tampering with data for personal gain, such as in the stock market.
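The passive and active cases above call for different checks, shown here as an added example that is not part of the original essay. A plain checksum (CRC32) catches an accidental bit flip, but someone who rewrites the data can simply recompute it; a keyed MAC (HMAC-SHA256) catches both, as long as the key stays secret. The record, key and function names are constructed for illustration.

```python
import hashlib, hmac, zlib

# Assumption: this key is known only to the writer and the verifier.
KEY = b"constructed-demo-key"

def seal(data: bytes) -> dict:
    """Store the data with an unkeyed checksum and a keyed MAC."""
    return {"data": data,
            "crc": zlib.crc32(data),
            "mac": hmac.new(KEY, data, hashlib.sha256).digest()}

def crc_ok(record: dict) -> bool:
    return zlib.crc32(record["data"]) == record["crc"]

def mac_ok(record: dict) -> bool:
    expected = hmac.new(KEY, record["data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["mac"])

def bit_flip(record: dict, bit_index: int) -> dict:
    """Passive loss of integrity: one stored bit changes by accident."""
    data = bytearray(record["data"])
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return {**record, "data": bytes(data)}

def rewrite(record: dict, new_data: bytes) -> dict:
    """Active loss of integrity: the data is replaced and the unkeyed
    checksum recomputed to match; without KEY the MAC cannot be redone."""
    return {"data": new_data, "crc": zlib.crc32(new_data), "mac": record["mac"]}

def check(record: dict) -> dict:
    return {"crc": crc_ok(record), "mac": mac_ok(record)}

# Constructed sample record.
ORIGINAL = seal(b"SELL 100 shares ACME @ 12.50")

if __name__ == "__main__":
    print("untouched:", check(ORIGINAL))
    print("bit flip :", check(bit_flip(ORIGINAL, 42)))
    print("rewritten:", check(rewrite(ORIGINAL, b"SELL 900 shares ACME @ 12.50")))
```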

               Availability

               Availability is the area least strictly associated with cybersecurity, as other branches can be put in charge of it and it is not apparent at first that it is a cybersecurity must. Cybersecurity personnel must incorporate availability into their plans, though, as a piece of data that is confidential and has integrity is of no use if it is not available to those who need it. One example of availability being affected in terms of cybersecurity is a Denial-of-Service attack, which overwhelms a service with too many requests for it to handle.

