The CIA Triad



What is the CIA Triad?


The CIA Triad is a model of policies that organizations follow for the purposes of
information security. It consists of three policies: confidentiality, integrity, and availability, all
of which serve as an important foundation for every IT department in an organization.
Understanding the meaning of each policy and its significance to the world of cybersecurity is
crucial for any employee when it comes to protecting an organization’s assets. (Chai, 2022, pg. 1)
Confidentiality- Rules set by the organization that restrict access to certain people only.
• Closely related to privacy, confidentiality is essential for documents or data that
contain information important to the organization, which the organization wants to keep
from the public by concealing it.
Integrity- Relying on the information being truthful and credible.
• Organizations often need to make sure that the data they are exchanging has strong
validity and that they aren’t giving data to unauthorized personnel. (pg. 2)
Availability- The ease of access to this information for people of authority.
• Always ensuring that people who have great authority within the organization are able to
access this classified information, as they are among the first who should be able to
view it.
Altogether, these three policies are connected to each other. They form a pyramid that, if
followed, creates a strong security system. It also helps organizations figure out how much
value is being put into these key areas. (pg. 2)


Authentication & Authorization


Authentication and authorization are both very important processes that employees
must follow to protect their vital information. To put it simply, authentication evaluates the
identity of the user trying to access the information, and authorization determines whether they
should be able to access it. Both of these processes play their own role in a connection system
and connect with each other. However, it’s important to note the differences between the two.
(Andrioaie, 2022)


Differences-
• A simple way of understanding the key difference between authentication and
authorization is that authentication involves the gatekeeping of data/information
by means of passwords and codes, whereas authorization involves a set of rules
set by the organization.
• A good example of this is the CAPTCHA tests you see on
Google that determine whether you are a bot. The CAPTCHA test itself serves as the
authentication, and by solving it, you are proving you are not a bot. The authorization is
Google letting you access the information, as they have determined you are indeed not a
bot.
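The difference described in the first bullet, as an added example that is not part of the original essay: a password check (authentication) runs first, then a rule set by the organization (authorization) decides access, so a correctly identified user can still be refused. The account names, passwords, roles and file names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user random salt; only the derived hash is stored
    return {"salt": salt, "hash": _derive(password, salt), "role": role}

# Constructed sample accounts and policy (all names are hypothetical).
USERS = {
    "alice": _make_user("correct horse battery", "hr_manager"),
    "bob": _make_user("tr0ub4dor&3", "intern"),
}
# Authorization rules set by the organization: role -> resources it may read.
POLICY = {
    "hr_manager": {"payroll.xlsx", "handbook.pdf"},
    "intern": {"handbook.pdf"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the user they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Still spend the hashing time so unknown names are not faster to reject.
        _derive(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_derive(password, user["salt"]), user["hash"])

def authorize(username: str, resource: str) -> bool:
    """Authorization: may this (already identified) user read the resource?"""
    role = USERS[username]["role"]
    return resource in POLICY.get(role, set())

def request(username: str, password: str, resource: str) -> str:
    """Run both checks in order and report which one decided the outcome."""
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, resource):
        return "403 authenticated but not authorized"
    return "200 access granted"

if __name__ == "__main__":
    print(request("alice", "correct horse battery", "payroll.xlsx"))
    print(request("bob", "tr0ub4dor&3", "payroll.xlsx"))
    print(request("bob", "wrong password", "handbook.pdf"))
```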


All in all, both the CIA Triad and Authentication vs. Authorization serve a
purpose in the cybersecurity industry. They are the basic building blocks of
knowledge that should be learned by anyone who pursues this field.


Works Cited
Chai, W. (2022). What is the CIA Triad? Definition, Explanation, Examples. TechTarget. Retrieved
January 25, 2023, from
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view.
Andrioaie, A. (2022). Authentication vs. Authorization. Heimdal Security. Retrieved January 25,
2023, from https://heimdalsecurity.com/blog/authentication-vs-authorization/.
