Values and differences
In my readings I learned a lot about how the CIA Triad came to be and how to this day many
people in the cybersecurity realm still adhere to this framework. I gathered how they can be
applied to protect and organize data so the right people can access when they need and the wrong
people cannot get in. Also, I was taught the differences in what seems to be something almost in
the same, authentication and authorization. Two very different yet necessary forms of protection
for protecting and accessing your data or someone else’s. My findings are grouped down below.
The beginnings of the CIA Triad
The CIA Triad started whirling around in 1976 due to confidentiality being questioned within the
United States Air Force. Then, around 1987 integrity was brought up when discussing data
correctness for commercial computing. Finally, availability is still roughly unknown, yet it came
to prominence in 1988 due to a large attack that even crippled the internet for a couple days.
These three values are the core of the CIA Triad. “Every incident-whether ransomware attack,
insider data theft, or unauthorized database changes- can be mapped back to a failure in one or
more pillars of the triad.” (Andrew Dennis, NA) Confidentiality, integrity, and availability are
all things that need to be kept up to ensure privacy, trust, and accessibility. All three of the main
values of the triad serve a different purpose but they also draw into and from one another. “ A
misstep in data access policy can trigger a confidentiality breach. Tampered logs may go
unnoticed if integrity checks are weak;” ( Manisha Martin, 2026) Each aspect needs to be
monitored and maintained to ensure everything is working properly and smoothly.
Authentication vs. Authorization
Something that is so similar but has so many differences is authentication and authorization.
“Authentication verifies who you are and authorization determines what you can do.” ( Author,
2026) You will always first have to pass through authentication, either what would be a
password, a pin, or a biometric match. This allows you into whatever server or service your
looking to visit. Then, authorization comes into play. This allows you into whatever you have
access of. “Authentication confirms a valid user but doesn’t dictate what they can see and do
within a system.” (Priya Mervana, 2026) Therefore, there is always at least two steps to getting
into your specialized data, but that also means hackers have more serious stoppages put in place
so they cant access your information. An example of this would be HIPPA, to access your
records you usually need either a passcode or a biometric login, but after that you get an email or
text to your phone getting more details and making sure you aren’t just anybody logging in.
Some main differences between the two include authentication requiring login details yet
authorization requires user roles, privileges, or access levels. Also, with authentication you can
change your own credentials but authorization needs to be changed deeper within a system. All
in all, both are great tools to stay protected but both complete different needs.
Conclusion
The CIA Triad holds companies to a higher standard when it comes to data protection,
accessibility, and clear expectations. It allows for transparency on things that people need
privatized the most. The triad paved the way for two step verifications and the need for
authentication/ authorization. Both being different programs that run hand in hand to ensure it is
you accessing your data and your accessing what your allowed to be in. In the ever changing
world of technology everything is necessary to stay protected.