The CIA triad

The CIA Triad is the guiding force for organizations to construct security policies for the
information they use, store, and transmit. CIA stands for confidentiality, integrity, and
availability, which are the primary set of standards that each entity must adhere to in order to
ensure their data is kept safe. It is a widely adopted standard that promotes strict
authentication of the individuals who have access to the information the organization manages.
The CIA Triad provides the building blocks for creating a security protocol that best suits each
individual organization's needs and gives them the tools for adapting to security changes as
needed.


Authentication vs. Authorization
Authentication is completed by verifying the identity of the person who is attempting to access
the information. The most common method of authentication is a username and password.
Two-factor authentication is also becoming more commonplace. Two-factor authentication, or
2FA, is defined as "a security process in which users provide two different authentication
factors to verify themselves" (Rosencrance et al., 2021). Authorization is another large
aspect of the CIA Triad. Authorization is the process of giving a person specific access to
certain pieces of information or even entry to different parts of a building. For example,
when someone works in a government building, they must show photo identification to
authenticate their identity. However, they may also be required to scan an identification
card for entry into higher-security parts of the building, which can even involve 2FA through a
fingerprint or retinal scan.


Basic Principles
The CIA Triad is composed of three basic principles: confidentiality, integrity, and
availability. It is intended for use as a guideline for structuring security protocols for
new and existing companies and technologies. Confidentiality "ensures that data is kept
private, secret, and secure" (Ledesma, 2022). Data must be kept confidential to ensure
that only people who are authorized to access it are able to view it, let alone make
changes to it. Confidentiality builds trust that the data an organization secures is not
retrieved by unauthorized individuals. The second pillar of the CIA Triad is integrity.
Integrity keeps data accurate as well as reliable. This is done by protecting data that is
transmitted and received, assuring that it is not altered in the process. The last pillar of
the CIA Triad is availability. Data needs to be readily available to allow organizations to
maintain it as needed. If data is not readily available, it can lead to a lack of business
opportunities or even an attack on the company as a whole.
The CIA Triad also provides guidelines on data recovery in the event of a
fire or natural disaster. Keeping a copy of the data on a separate hard drive stored in a
separate location, preferably in a water- and fire-resistant safe, is a great way to ensure
that data is recoverable. Back-ups should also be accessed regularly to make certain that
they are readily available and reliable and have not been compromised.
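The integrity pillar above, and the regular check that back-ups have not been compromised, both come down to the same mechanism: record a keyed tag for each piece of data when it is stored, then recompute and compare before trusting it. The following is an added example, not code from the original essay or its sources; the backup files, the manifest key, and the function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample backup set (file name -> contents); not real data.
SAMPLE_BACKUP = {
    "payroll.csv": b"id,name,amount\n1,alice,4200\n2,bob,3900\n",
    "config.json": b'{"retention_days": 30}\n',
}
# Hypothetical manifest key. It is kept apart from the backup media (for
# example in a secrets store), so altering the backup alone is not enough
# to forge a matching manifest.
MANIFEST_KEY = b"example-manifest-key-keep-out-of-the-backup"


def compute_manifest(files, key):
    """Map each file name to an HMAC-SHA256 tag over its contents.

    A keyed tag is used rather than a bare SHA-256 digest: a plain hash
    can be recomputed by whoever altered the file, so it only catches
    accidental corruption, while an HMAC also detects deliberate
    tampering by anyone who does not hold the key.
    """
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


def verify_backup(files, manifest, key):
    """Check a backup set against a stored manifest.

    Returns {"modified": [...], "missing": [...], "unexpected": [...]};
    three empty lists mean the backup is intact.
    """
    current = compute_manifest(files, key)
    result = {"modified": [], "missing": [], "unexpected": []}
    for name, tag in manifest.items():
        if name not in current:
            result["missing"].append(name)
        # compare_digest avoids leaking tag bytes through timing.
        elif not hmac.compare_digest(current[name], tag):
            result["modified"].append(name)
    result["unexpected"] = sorted(set(current) - set(manifest))
    return result


if __name__ == "__main__":
    manifest = compute_manifest(SAMPLE_BACKUP, MANIFEST_KEY)
    print("fresh backup:", verify_backup(SAMPLE_BACKUP, manifest, MANIFEST_KEY))
    tampered = dict(SAMPLE_BACKUP)
    tampered["payroll.csv"] = tampered["payroll.csv"].replace(b"3900", b"9900")
    del tampered["config.json"]
    print("tampered backup:", verify_backup(tampered, manifest, MANIFEST_KEY))
```

The manifest is written at backup time and checked on every scheduled restore test, so a silently altered or missing file is found before it is needed in a disaster.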


Conclusion
The CIA Triad is a universal system used by most, if not all, organizations. It
promotes the confidentiality, integrity, and availability of data that is accessed,
transmitted, and stored by an entity. The CIA Triad helps to guide organizations in
creating a security system that is right for their specific level of security needs and
allows for them to build from it and adapt to changes they may encounter.


References
Ledesma, J. (2022, July 11). What is the CIA triad? Varonis. Retrieved February 5, 2023,
from https://www.varonis.com/blog/cia-triad
Rosencrance, L., Loshin, P., & Cobb, M. (2021, July 7). What is two-factor authentication
(2FA) and how does it work? TechTarget SearchSecurity. Retrieved February 5, 2023,
from https://www.techtarget.com/searchsecurity/definition/two-factor-authentication
