The CIA triad

Posted by cmckn006 on
Chase McKnight
What Is the CIA Triad?
BLUF: The CIA Triad is a model that was made up of three components: Confidentiality,
integrity, and availability. As Chai stated “The model is also sometimes referred to as the AIC
triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence
Agency.” (Chai 2022). Authentication is proving who you are, while authorization is more about
permission, what you can do. All in all together they safeguard systems by confirming identity.
The CIA Triad
The CIA is made up of three different components: Confidentiality, integrity, and availability.
Confidentiality is designed to protect sensitive information from being stolen from authorized
access attempts. Chai states, “It is common for data to be categorized according to the amount
and type of damage that could be done if it fell into the wrong hands” (Chai 2022). For example
setting up a 2 factor authentication system when logging into a system. Integrity is about being
consistent and accurate. Data should never be changed in transit and steps have to be taken in
order for it to stay confidential. Availability means that information needs to be readily available
at all times for authorized users. Using backups or having a disaster recovery plan is a good
example of availability.
Authentication vs Authorization
Authentication and Authorization are most of the times viewed as the same thing. Although they
have many similarities there are differences. Authentication is more about proving who you are
whereas authorization is based on permission. For example authentication is going to the airport
and showing TSA your ID before you board a plane. To go off of that a form of authorization in
the airport would be showing the boarding pass for your flight proving you can get on the plane.
Conclusion
In conclusion, confidentiality, integrity, and availability are the three components that make up
the CIA. Confidentiality is to limit access to certain information, integrity is the certainty that the
information is accurate, and availability is having a reliable access to information for authorized
users. Authentication is proving who you are, while authorization is more about permission,
what you can do.

Leave a Reply

Your email address will not be published. Required fields are marked *