The CIA triad is made up of three parts: Confidentiality, Integrity, and Availability. Confidentiality is another word for privacy. In the context of cybersecurity, confidentiality is the protection of sensitive information from unauthorized personnel. Integrity is ensuring that data is strictly handled and maintained. The information must remain unaltered and accurate at all times.
Availability is ensuring that the data remains accessible to authorized individuals. This allows authorized users to read and access the information.
Next, authentication and authorization are both important but different factors when it comes to cybersecurity. In simple terms, authentication is making sure the user is who they say they are, and authorization is finding out what the user is authorized to access, but there’s more to the terms than you might think. Authentication challenges a user for credentials; the user supplies them, the system determines whether the credentials are valid, and then it gives the user access. Once authentication succeeds, authorization comes into play. Authorization verifies what the user is allowed to see or access, based on a set of guidelines. Once the system has determined what the user is eligible to access, the user is free to access the data that they are authorized to access. For example, within the DOD, they use ID cards that prove the users’ identities (authentication). Then they log in to their devices, where the level of access they have is determined based on their clearances (secret, TS, etc.) (authorization).
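The two-step flow described above, as an added example that is not part of the original text: a credential check (authentication) followed by a clearance comparison (authorization). The user names, passwords, documents, and the three-level `Clearance` ordering are constructed for illustration.

```python
import hashlib
import hmac
import os
from enum import IntEnum

class Clearance(IntEnum):
    """Ordered clearance levels (constructed for this example)."""
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256, so the stored verifier is never the raw password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, clearance: Clearance) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "clearance": clearance}

# Constructed sample accounts and documents.
USERS = {
    "alice": make_user("correct horse battery", Clearance.TOP_SECRET),
    "bob": make_user("tr0ub4dor&3", Clearance.SECRET),
}
DOCUMENTS = {"lunch-menu": Clearance.UNCLASSIFIED, "ops-plan": Clearance.TOP_SECRET}

def authenticate(username: str, password: str) -> bool:
    """Step 1: is the user who they claim to be?"""
    user = USERS.get(username)
    # Hash even for unknown users so both paths do the same amount of work.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    return user is not None and hmac.compare_digest(candidate, user["hash"])

def authorize(username: str, document: str) -> bool:
    """Step 2: may this already-authenticated user read the document?"""
    required = DOCUMENTS.get(document)
    if required is None:
        return False  # unknown resource: deny by default
    return USERS[username]["clearance"] >= required

def read_document(username: str, password: str, document: str) -> str:
    # Authorization is only evaluated after authentication has succeeded.
    if not authenticate(username, password):
        return "401 authentication failed"
    if not authorize(username, document):
        return "403 not authorized"
    return "200 ok"
```

Bob authenticates successfully but is still refused `ops-plan`, which shows that a valid identity alone does not grant access.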
Overall, when you combine all three of the CIA terms, you get the foundation for information security. Authentication and authorization are two drastically different terms that go hand in hand in keeping the system secure and safe for the users. When you maintain discipline and uphold all five terms, it helps protect and uphold the integrity of the data and systems, making your information and devices safer and more secure overall.