CYSE 200T

Brandon Vuono 

CIA Write up 

18 February 2026 

Authentication vs. Authorization 

The CIA triad of confidentiality, integrity, and availability is a foundational model guiding security policy for digital systems. These three principles ensure that information is protected from unauthorized access and system disruption. Understanding the difference between authentication, which verifies identity, and authorization, which controls permissions, strengthens the implementation of these three principles.

Cybersecurity is essential to protecting digital information in today’s technology-driven society. Companies rely heavily on information systems to store vital data such as financial records and operational data. The CIA Triad provides a structured framework for understanding how information should be protected (Chai, 2022).

Confidentiality ensures sensitive information is accessible only to authorized individuals. It protects data from being disclosed to unauthorized users. Examples of confidential information include, but are not limited to, Social Security numbers, passwords, medical records, and banking information. Companies maintain confidentiality through controls such as encryption and multi-factor authentication (Chai, 2022). Integrity refers to maintaining the accuracy and reliability of data. Information should not be changed by unauthorized users at any time, whether the data is in storage or in transmission. For example, if someone is sending money to a recipient, the amount must not be changed. Mechanisms such as hashing and digital signatures are commonly used to preserve integrity (National Institute of Standards and Technology [NIST], 2013). Availability ensures that the authorized user can access the data or information needed. If data is confidential, the user must be authorized to access the data. Maintaining a balance between the three parts of the CIA Triad is essential for the security of data and information.

Authentication and authorization are closely related, but they serve different purposes to a cybersecurity professional. Authentication is the process of verifying the user’s identity. It verifies that the person doing the task is who they say they are. Authorization occurs after authentication and determines what an authenticated user is allowed to do. This restricts any access or modifications a user attempts to make.
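The order of the two checks described above can be shown in a short Python sketch. This is an added example, not part of the original write-up; the user names, passwords, roles, action names, and PBKDF2 iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user random salt
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts and role-to-permission map.
USERS = {
    "alice": make_user("correct horse", "teller"),
    "bob": make_user("battery staple", "auditor"),
}
PERMISSIONS = {
    "teller": {"read_balance", "transfer"},
    "auditor": {"read_balance"},
}
_DUMMY = make_user("unused", "none")  # hashed against when the user is unknown

def authenticate(username: str, password: str):
    """Authentication: is this person who they say they are?"""
    record = USERS.get(username, _DUMMY)  # unknown users cost the same work
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return username if ok and username in USERS else None

def authorize(username: str, action: str) -> bool:
    """Authorization: is this verified user allowed to do this action?"""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())  # deny by default

def handle_request(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"  # identity not proven; permissions never consulted
    if not authorize(identity, action):
        return "403 forbidden"  # identity proven, but action not permitted
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("bob", "battery staple", "transfer"))
```

The two failure results are distinct: a failed authentication never reaches the permission check, and a successful authentication still does not grant an action outside the user's role.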

The CIA Triad remains the foundational model for information security. It is widely used in cybersecurity professions. Confidentiality protects against unauthorized access. Integrity ensures accuracy. Availability lets the data be accessible when needed. Additionally, authentication and authorization strengthen the CIA Triad by further controlling user verification and access rights. By applying the model, companies and organizations can create a robust, secure, and resilient information system. This makes defending against modern cyber threats easier.

References 

- Chai, W. (2022, June 28). What is the CIA Triad? Definition, explanation, examples. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view

- National Institute of Standards and Technology. (2013). Security and privacy controls for federal information systems and organizations. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf