Overview

The CIA Triad is information and data security protocols for organizations and companies. “CIA” does not refer to the Central Intelligence Agency but instead it is an acronym for Confidentiality, Integrity, and Availability. Confidentiality means that only authorized users can access and/or change data. Confidentiality is making sure private data stays private. Integrity refers to making sure data is saved and maintained properly. This can include secure backups and tight security for the data. Availability applies to data being readily available. An example of this is enough servers to handle user traffic, and keeping hardware up to date.

Authentication and Authorization

Two concepts that fall under the confidentiality part of “CIA” are Authentication and Authorization. Authentication is verifying the identity of the user and making sure they are who they say they are. For example, this Authentication could include fingerprints, retina scans, security tokens, and passwords. Authorization is what determines the permissions a user has in regards to viewing and modifying data. For example just because a user can log into a system does not mean they should access everything. It’s important to set groups or permissions levels. Such as ‘Student’, ‘Faculty’, ‘Admin’ and ‘Parent’.

Origins

The origins of the CIA Triad are unknown but it is speculated that it was first created in a 1976 U.S. Air Force study. All three parts of the CIA Triad overlap each other to an extent. The CIA Triad is a way of thinking, planning, and setting priorities for cybersecurity. The CIA Triad is key to proper information security. It’s important for companies to use the three points of the CIA Triad to make sure their data is secure as well as having it available to the consumers. Additionally, people looking to become cybersecurity specialists should always make sure that the points from the CIA Triad are implemented in their works.