Chase Dickerson
February 4, 2024
Understanding the CIA Triad, Authentication, and Authorization
The CIA triad is made up of three fundamental principles: confidentiality, integrity, and
availability. These principles serve as the foundation for information security policies.
Confidentiality means keeping sensitive information private and disclosing it only to the people
and systems entitled to see it. It is enforced with encryption, access controls, physical security
measures, and similar controls that prevent unauthorized access.
Integrity means maintaining the accuracy and trustworthiness of data throughout its entire
life cycle. Error checking, data validation, backups, version control, and similar protections
prevent unauthorized or accidental modification, and cryptographic checks such as keyed hashes
(message authentication codes) let the recipient detect when data has been tampered with.
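The following is an added example (not code from the original post or its source) of the tamper-detection side of integrity: each record carries an HMAC-SHA256 tag computed under a secret key, so a change to the data, or an attacker's attempt to recompute the tag without the key, is detected. The key, the record contents, and the `protect`/`verify` names are all constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed key for the example only; a real system loads it from a secrets manager.
INTEGRITY_KEY = b"example-key-do-not-use-in-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialise a record deterministically so identical content always yields identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Wrap a record with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return {"data": dict(record), "tag": tag}


def verify(envelope: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag and compare in constant time; any change to data or tag fails."""
    expected = hmac.new(key, canonical_bytes(envelope["data"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def integrity_demo() -> tuple[bool, bool, bool]:
    # Constructed sample record
    original = protect({"account": "1234", "balance": 100})
    intact = verify(original)

    # An attacker edits the balance but cannot recompute the tag without the key
    tampered = {"data": dict(original["data"]), "tag": original["tag"]}
    tampered["data"]["balance"] = 1_000_000
    tampered_ok = verify(tampered)

    # An attacker who recomputes a plain (unkeyed) SHA-256 still fails, which is why
    # a bare checksum is not enough against deliberate modification
    forged = {"data": dict(tampered["data"])}
    forged["tag"] = hashlib.sha256(canonical_bytes(forged["data"])).hexdigest()
    forged_ok = verify(forged)

    return intact, tampered_ok, forged_ok
```

The distinction the example makes is that a plain hash only catches accidental corruption: an attacker who can rewrite the data can rewrite the hash too. A keyed MAC ties the tag to a secret the attacker does not hold.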
Availability means keeping information accessible and usable by authorized users when they
need it. This relies on redundancy (backups and spare capacity) so the system keeps running
when a component fails, and on regular maintenance and prompt repair of bugs and hardware
faults.
Together, these three concepts provide a robust foundation for comprehensive security policies,
which organizations uphold through access controls, encryption, backups, and redundancy.
Now, when a user tries to log into a system, two key processes happen behind the scenes –
authentication and authorization. Authentication is about verifying identity – checking that users
really are who they claim to be, typically by validating login credentials like usernames and
passwords. Authorization is different, as it establishes what authenticated users are allowed to
access or modify according to their role. For instance, a user might provide valid login details,
but authorization determines what resources they can actually see or change post-login.
In short, authentication confirms a user’s identity, while authorization controls their system
access. When done right, these two elements work together to ensure users can only access
the resources they are properly authorized for – no more, no less.
Looking closer at authentication, it relies on validating credentials presented by the user.
The most common approach is username and password: the user enters a pre-registered
username and the associated password, and the system checks them against its records. A
well-designed system never stores the password itself; it stores a random salt and a slow hash of
the password, and compares the hash of the submitted password with the stored one. Password
policies help here, though current guidance (NIST SP 800-63B) favors length, screening against
known-breached passwords, and a second factor over mandatory complexity rules and periodic
expiration, which tend to push users toward predictable passwords.
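As an added example (not code from the original post or its source) of the authentication and authorization steps described above working together, the block below stores only a salt and a PBKDF2-HMAC-SHA256 hash per user, verifies a login in constant time, and then answers a separate "may this user do X" question from a role-to-permission table. The user store, the roles and permissions, and the credentials are all constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store; a real system would use a database.
# Only a random salt and a PBKDF2 hash are kept, never the password itself.
USERS: dict[str, dict] = {}
# Iteration count in the range OWASP recommends for PBKDF2-HMAC-SHA256
PBKDF2_ITERATIONS = 600_000

# Constructed role -> permission table used for authorization
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str, role: str) -> None:
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}


def authenticate(username: str, password: str) -> bool:
    """Verify identity: recompute the hash with the stored salt and compare in constant time."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so response time does not reveal whether the username exists
        _hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])


def authorize(username: str, permission: str) -> bool:
    """Decide what an already-authenticated user may do, based on their role."""
    user = USERS.get(username)
    if user is None:
        return False
    return permission in ROLE_PERMISSIONS[user["role"]]


def login_and_act(username: str, password: str, permission: str) -> str:
    """Authentication first, then authorization; the two failures are kept distinct."""
    if not authenticate(username, password):
        return "authentication failed"
    if not authorize(username, permission):
        return "forbidden"
    return "allowed"


def access_demo() -> dict[str, str]:
    # Constructed credentials for the example
    register("alice", "correct horse battery staple", "viewer")
    register("bob", "hunter2-but-much-longer", "admin")
    return {
        "alice_wrong_pw": login_and_act("alice", "wrong", "report:read"),
        "alice_read": login_and_act("alice", "correct horse battery staple", "report:read"),
        "alice_manage": login_and_act("alice", "correct horse battery staple", "user:manage"),
        "bob_manage": login_and_act("bob", "hunter2-but-much-longer", "user:manage"),
        "nobody": login_and_act("carol", "x", "report:read"),
    }
```

Note that `alice_manage` fails even though Alice's password is correct: authentication succeeded, authorization did not. Keeping the two checks separate is what lets a system grant "no more, no less" than a role permits.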
TechTarget's example of a confidentiality control on the internet is requiring an account
number or routing number when banking online (Hashemi-Pour & Chai, 2022); note that a
routing number is printed on every check, so on its own it identifies rather than authenticates.
Data encryption is another common method of ensuring confidentiality. User IDs and passwords
are the standard procedure on social media platforms, and two-factor authentication (2FA) is
becoming commonplace in the healthcare and financial services industries (Hashemi-Pour &
Chai, 2022).
Source:
Hashemi-Pour & Chai (2022). Confidentiality, integrity and availability (CIA triad). TechTarget.
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA