The CIA Triad and the Difference Between Authentication and Authorization
The CIA Triad
The CIA Triad is one of the most widely used models in information security. It stands for
Confidentiality, Integrity, and Availability. Together, these three concepts form the foundation for designing and evaluating security policies and practices.
Confidentiality
Confidentiality focuses on keeping sensitive information private and ensuring only authorized individuals can access it. Methods such as encryption, multi-factor authentication (MFA), and access control lists help protect data. For example, when banking online, requiring both a password and a one-time code sent to your phone helps ensure only the rightful account owner can see the data.
Integrity
Integrity ensures that information is trustworthy, accurate, and has not been tampered with. Measures such as version control, digital signatures, checksums, and access controls help maintain integrity. For example, when downloading software updates, cryptographic checksums are often provided so users can verify the file hasn’t been altered by attackers.
Availability
Availability means that authorized users can reliably access information and systems when they need them. This involves regular system maintenance, redundancy, and disaster recovery planning. For example, cloud providers use backups, failover systems, and load balancing to ensure that even during a server outage, data remains accessible.

The triad is important because organizations must balance all three areas. Focusing too much on one while neglecting the others can create vulnerabilities. For example, a system with strong confidentiality but poor availability may keep data safe but be useless if authorized users cannot access it during downtime.
Authentication vs. Authorization
Although closely related, authentication and authorization serve different roles in cybersecurity.
Authentication
Authentication answers the question: ‘Who are you?’ It is the process of verifying the identity of a user or system. Examples include entering a password, using a fingerprint, or scanning a smart card.
Authorization
Authorization answers the question: ‘What are you allowed to do?’ It determines what resources or actions an authenticated user has access to. Examples include granting a student access to online course materials but not allowing them to view administrative payroll records.
Example
When logging into an email account:
1. Entering your username and password is authentication (proving you are the correct user).
2. Once logged in, the system checking whether you can only read your own inbox but not another person’s inbox is authorization.
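The email example above, written out as an added illustration (this is not code from the original article): authenticate() verifies who the caller is against a salted password hash, authorize_inbox_read() decides whether that verified identity may read a given inbox, and read_inbox() runs the two steps in order. The user store, passwords, and inbox contents are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample users: username -> (salt, PBKDF2 hash). Demo passwords only.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)

USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": _make_user("alice-pass"),
    "bob": _make_user("bob-pass"),
}

# Constructed inboxes, keyed by their owner.
INBOXES: Dict[str, List[str]] = {
    "alice": ["Welcome, Alice"],
    "bob": ["Welcome, Bob"],
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: 'Who are you?' Returns the verified identity, or None."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        return None
    salt, stored = record
    if hmac.compare_digest(_hash_password(password, salt), stored):
        return username
    return None

def authorize_inbox_read(identity: str, inbox_owner: str) -> bool:
    """Authorization: 'What are you allowed to do?' Only the owner reads an inbox."""
    return identity == inbox_owner

def read_inbox(username: str, password: str, inbox_owner: str) -> List[str]:
    """Authenticate first, then authorize the requested action on the resource."""
    identity = authenticate(username, password)
    if identity is None:
        raise PermissionError("authentication failed")
    if not authorize_inbox_read(identity, inbox_owner):
        raise PermissionError(f"{identity} may not read {inbox_owner}'s inbox")
    return list(INBOXES[inbox_owner])
```

Note that a correct password for alice still does not let her read bob's inbox: passing authentication says nothing about authorization.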
Conclusion
The CIA Triad (Confidentiality, Integrity, and Availability) remains central to information security. Each principle supports the others to ensure that data is secure, accurate, and accessible. Additionally, understanding the difference between authentication (verifying identity) and authorization (granting permissions) is essential for applying the triad effectively in real-world systems. Together, these concepts help organizations protect data while maintaining trust and functionality.