The CIA triad is a security model that helps organizations to secure their data. Authentication and authorization have different purposes and methods that protect information.
CIA Triad
The model stands for confidentiality, integrity, and availability. These are the most crucial principles in information security. Confidentiality allows only authorized users to access certain information and puts measures in place to keep data private. Integrity means keeping the data consistent at all times and guarding it against improper changes, whether accidental or intentional. Availability keeps the data ready for the intended user when needed, by maintaining the hardware and systems that serve the information.
Authorization
Authorization determines which information people can access and which actions they can perform, based on conditions an application has in place. An application can grant or deny access to specific functions. One example is social media: if someone has a private profile, you are not authorized to view it unless the owner grants you access. How authorization is implemented varies with the framework being used. “For example, giving a user the role of Admin may mean they would have been given Advanced Create, Edit, Delete, and View user privileges” (Riordan 2023). Some roles come with predefined permissions.
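The role and private-profile rules described above, as an added example that is not from the original essay or the cited source. The Member role, the permission strings, the approved_viewers set and the sample users are assumptions, and the user is assumed to be already authenticated.

```python
from dataclasses import dataclass, field

# Roles with predefined permissions. "Admin" mirrors the quoted example;
# the "Member" role and the lowercase permission names are assumptions.
ROLE_PERMISSIONS = {
    "Admin": {"create", "edit", "delete", "view"},
    "Member": {"view"},
}

@dataclass
class User:
    name: str  # identity already established by authentication
    roles: set = field(default_factory=set)

@dataclass
class Profile:
    owner: str
    private: bool = False
    approved_viewers: set = field(default_factory=set)  # access granted by the owner

def has_permission(user, action):
    """Role check: allowed only if one of the user's roles grants the action."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)

def authorize(user, action, profile):
    """Return True only when both the role and the resource condition allow it."""
    if not has_permission(user, action):
        return False  # deny by default, including unknown roles and actions
    if action == "view" and profile.private:
        # In this sketch the privacy condition applies to every role.
        return user.name == profile.owner or user.name in profile.approved_viewers
    return True

if __name__ == "__main__":
    # Constructed sample data.
    alice = User("alice", {"Member"})
    bob = User("bob", {"Member"})
    profile = Profile(owner="alice", private=True)
    print(authorize(bob, "view", profile))    # False: private, not approved
    profile.approved_viewers.add("bob")
    print(authorize(bob, "view", profile))    # True: owner granted access
    print(authorize(bob, "delete", profile))  # False: Member role lacks delete
```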
Authentication
Authentication is the verification that a user is who they say they are, which allows them access to an application. Companies may use various methods of authentication to improve the organization's security. The level of authentication can depend on the level of risk and on the information that would be accessible. An example is 2-Factor Authentication, which requires someone to type in their username and password as well as a password or code sent to their phone.
Conclusion
The CIA triad security model is important not only in cybersecurity roles but for everything that holds sensitive information. When accessing personal matters such as a bank account, we understand how crucial it is to have different forms of authentication, because the information is sensitive and we wouldn’t want others to get their hands on it. These fundamentals help us secure and protect data from unauthorized access.