The CIA Triad

CIA Triad and Authentication vs Authorization

The CIA Triad, or AIC Triad, is a cybersecurity blueprint consisting of three key concepts: the principles used to ensure the security and reliability of information systems. The CIA Triad is crucial in securing data, while authentication and authorization verify a user’s identity and determine the user’s access level to an operating system. This article explains the CIA Triad and the difference between authentication and authorization.

The CIA Triad

The CIA Triad is a model consisting of three objectives that an organization can use to evaluate the risk to its security and its ability to protect information. Confidentiality covers the measures put in place to ensure privacy by protecting sensitive information from unauthorized access attempts. Examples of confidentiality include requiring an account or routing number for online banking, and data encryption. Integrity guarantees that data will be consistent, accurate, and trustworthy; it covers the measures that ensure unauthorized people do not alter data in transit. Examples of integrity include requiring file permissions and user access controls. Lastly, availability ensures that information is accessible to authorized users, and includes the daily maintenance and repair of hardware to keep an operating system fully functioning. Examples of availability include putting safeguards in place to prevent data loss and connection interruptions, and making sure adequate bandwidth is available so that bottlenecks do not occur. The CIA Triad is the foundation of cybersecurity and of ensuring the security of organizations and their data.

Authentication vs Authorization

Authentication is the verification of a user who is trying to access an application or database. It is necessary because it is the first defense against unauthorized access. Without authentication safeguards, an organization is open to attack from anyone who may want to exploit or misuse its data. One type of authentication is single-factor authentication, which usually consists of a password, PIN, or access code. Another type is two-factor authentication, which could be a one-time password, SMS code, or security question. The last form is multi-factor authentication, which consists of the previously mentioned factors and biometrics.

Authorization verifies what information and applications a user can access, and it always comes after authentication. These settings are applied after a user is verified so that they can access the systems and information needed to perform their duties. Role-based access control, attribute-based access control, and rule-based access control are some of the most common authorization techniques used to assign control to a user. An online banking system is an example of authentication and authorization working together. Once users authenticate themselves with their login credentials, their authorization determines what functions they can perform. For instance, a regular user may only be able to view their balances and transactions, while an administrator may be able to modify account information and approve loans.
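The banking scenario above, written out as an added example (not code from the sources this article draws on): a password check establishes identity first, and a role-based lookup then decides what that identity may do. The user names, passwords, permission names and status strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed role table mirroring the banking example above. Giving the
# administrator the read permissions as well is an assumption of this sketch.
ROLE_PERMISSIONS = {
    "regular_user": {"view_balance", "view_transactions"},
    "administrator": {"view_balance", "view_transactions",
                      "modify_account", "approve_loan"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so stored credentials resist guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed accounts; names and passwords are hypothetical.
USERS = {
    "alice": make_user("correct horse battery", "regular_user"),
    "bob": make_user("staple-9-tango", "administrator"),
}

def authenticate(username: str, password: str):
    """Step 1: verify identity. Returns the username on success, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison does not reveal how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(principal, action: str) -> bool:
    """Step 2: decide what a verified identity may do. Deny by default."""
    if principal is None:  # authorization never runs for an unverified caller
        return False
    role = USERS[principal]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, action: str) -> str:
    principal = authenticate(username, password)
    if principal is None:
        return "401 not authenticated"
    if not authorize(principal, action):
        return "403 not authorized"
    return "200 " + action
```

A failed login and a forbidden action produce different results here because they are different failures: the first means the identity was never established, the second means a known identity lacks the permission.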

Conclusion

The CIA Triad principles are crucial to enhancing cybersecurity and data protection. Combined with authentication and authorization, they provide additional security, ensuring that only authorized users can access sensitive information within an organization.

