Businesses have always needed to protect their assets, and today that includes both physical
and online assets. The CIA Triad serves as a foundation to help businesses make smart security
policies for their organization.
The CIA Triad
The CIA Triad is a security model made to help businesses design smart policies to keep
themselves secure. This model consists of three foundational ideas: Confidentiality, Integrity, and
Availability. Confidentiality consists of keeping information private. Integrity is the idea that data
will not be altered by anyone unauthorized, whether in transit or at any point in its existence.
Availability is making sure that information is available in a timely manner to anyone authorized
to access it. Together, these concepts help organizations find vulnerabilities in their systems and
provide a foundation for preventing problems and finding solutions to them.
Authentication vs Authorization
First off, what are authentication and authorization? Authentication is verifying that someone is
who they claim to be. For example, when I go to clock in at work, the system uses my
fingerprint to verify that it is actually me clocking in. Authorization determines what level
of permissions someone has. Authorization occurs after authentication. Once someone has
passed authentication, their authorization determines what assets they are allowed to
use, view, or modify. A big difference between the two is that authentication uses credentials or
other methods to prove someone’s identity, while authorization uses policies and rules to decide
what permissions to grant to a user.
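The two steps described above, as an added Python example that is not part of the original essay: a credential check proves identity first, and only then is a policy consulted. The user names, passwords, roles, timesheet resources and the use of a password instead of a fingerprint are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: names, passwords, roles and permissions are
# illustrative assumptions, not taken from the essay.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

USERS = {
    "alice": _make_user("correct horse battery", "manager"),
    "bob": _make_user("tr0ub4dor&3", "employee"),
}

# Authorization policy: role -> set of (action, resource) pairs it may perform.
POLICY = {
    "employee": {("view", "own_timesheet"), ("modify", "own_timesheet")},
    "manager": {("view", "own_timesheet"), ("modify", "own_timesheet"),
                ("view", "team_timesheets"), ("modify", "team_timesheets")},
}

def authenticate(username: str, password: str):
    """Step 1: prove identity. Returns the username on success, else None."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown users cost about the same time as known ones.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, user["salt"])
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity: str, action: str, resource: str) -> bool:
    """Step 2: consult policy for an already-authenticated identity."""
    role = USERS[identity]["role"]
    return (action, resource) in POLICY.get(role, set())

def handle_request(username, password, action, resource) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"   # policy is never consulted
    if not authorize(identity, action, resource):
        return "403 not authorized"      # identity proven, permission missing
    return "200 ok"
```

A valid login can still be refused: the employee account authenticates correctly but is denied access to team timesheets because the policy, not the credential, decides permissions.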
Conclusion
In conclusion, the CIA Triad is a very important foundation for addressing a business's security
concerns. These foundations will only continue to become more important as
technology advances and businesses and organizations rely more on technology. Authorization
and Authentication both play an important role in security because once someone is authenticated
into a system, that system has to know what they are and aren’t allowed to do.