Role of the CIA Triad in Organizations

CIA Triad

BLUF: The CIA triad consists of confidentiality, integrity, and availability, which together keep data consistently protected, accurate, and accessible.
The CIA Triad was developed as a way to enhance and structure information security in a company or organization. The three values of the triad are confidentiality, integrity, and availability. Confidentiality refers to maintaining privacy so that data is only shared with its intended group (Chai, 2022). An example is keeping online banking information available only to the owners of the accounts. Integrity refers to preventing any accidental or malicious modification or destruction of data, as well as keeping data accurate or up to date (Cawthra, 2020). Continuing the online banking example, in a system with integrity any charges or transfers would instantly be reflected in the account balance. Lastly, availability means having open access that spans a large range of consumers. It also ensures platforms are easy to use (Chai, 2022).

Authentication vs. Authorization

BLUF: Authentication controls the validity of the individual; authorization controls the information being shown.
Authentication is about making sure the person trying to access data is who they say they are (Fortinet, n.d.). Usernames and passwords are a common way to do this. For more sensitive information, however, stronger tools must sometimes be used to keep threats away. These may include two-factor authentication, in which an individual is sent a one-time code via email or phone number as a second way to verify their identity. Authorization controls what information an individual is allowed to view (Fortinet, n.d.). The ODU online library provides authorization to view a wide range of academic sources via the MIDAS login. Non-students would not be able to access that data. This would fall most closely under the confidentiality guideline.
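The sketch below is an added example, not part of the original essay. It keeps the two checks separate: a password plus a single-use one-time code establishes who the caller is, and a role policy then decides what that identity may view. The accounts, passwords, resource name and function names are constructed for illustration.

```python
import hashlib, hmac, os, secrets

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash; the stored value is never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt), "role": role}

# Constructed sample accounts and policy (hypothetical names and passwords).
USERS = {"alice": _user("correct horse", "student"),
         "bob": _user("hunter2-demo", "guest")}
POLICY = {"library/journals": {"student"}}   # resource -> roles allowed to view
PENDING = {}    # username -> one-time code awaiting confirmation
SESSIONS = {}   # session token -> username

def start_login(username: str, password: str):
    """Authentication, factor 1: check the password, then issue a one-time code."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(_kdf(password, user["salt"]), user["hash"]):
        return None
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = code
    return code   # returned only for the demo; a real system sends it by email or phone

def finish_login(username: str, code: str):
    """Authentication, factor 2: the code is discarded after one attempt, right or wrong."""
    expected = PENDING.pop(username, None)
    if expected is None or not hmac.compare_digest(code, expected):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def authorize(token: str, resource: str) -> bool:
    """Authorization: an authenticated identity is still checked against policy."""
    username = SESSIONS.get(token)
    if username is None:
        return False            # not authenticated at all
    return USERS[username]["role"] in POLICY.get(resource, set())
```

Here the guest account authenticates successfully and still gets `False` from `authorize`, which is the distinction the paragraph draws.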

Conclusion

At the rate at which technology advances, information security becomes more and more important. There are more devices that can receive information and more information being shared. The CIA triad of confidentiality, integrity, and availability provides a helpful framework for securing that information. The triad can also be used to help with maintaining authentication and authorization. There is still room, however, to improve and build upon the framework in order to keep up with new demands of the field.




References
Authentication vs. authorization: Key differences. Fortinet. (n.d.). https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization
Cawthra, J. (2020, December). Data integrity:. Executive Summary – NIST SP 1800-26 documentation. https://www.nccoe.nist.gov/publication/1800-26/VolA/index.html
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
