The CIA Triad (Confidentiality, Integrity, Availability) article explains what it is, how it works, and why it’s important. CIA Triad is the model guide for Cybersecurity policies that is universally agreed and followed on. The CIA Triad is a very simple model that makes understanding what should be followed, even though there is an argument that it should be changed, it is still a very good guideline that can be easily understood. I also talk about the concerns of digitizing DNA and the potential of it being a target for people that want to do bad things. There’s a lot of ethical concerns that also come with DNA being digitized because of how fast the idea of it is being passed around and talked about, that the Cyberbiosecurity field might not be ready for it.
What Is The CIA Triad?
The CIA Triad is a set model that is used as a guideline for policies in Cybersecurity, sometimes it goes by AIC to not be mistaken for The CIA, it doesn’t matter how it’s followed because it’s a triangular model that is used for understanding and remembering. The CIA Triad stands for Confidentiality, Integrity, and Availability; Confidentiality is the same as privacy by not allowing any type of private information to be accessed without authorization and setting up measures to make sure that unauthorized people don’t gain access. Integrity is all about making sure the information is constantly accurate and trustworthy, and keeping it from being changed by people without authorization at any point. Availability means that information should always be accessible for the people with the right authorization, it also means that maintaining systems and any type of hardware that is needed has to always be ready to be accessed. Availability can be more on the hardware side of things that requires constant maintenance and making sure that if something like a natural event happens and something happens to the system access, we need to take priority to get that back and working again.
Authentication vs Authorization
Now that brings me to my next talking point, on authentication and authorization seeming like they mean the same thing when they are actually different in the way that authentication comes before authorization. “Authentication is the meaning of a user actually identifying themselves to a person or system” (Jain, 2024), a common example is putting in a username and password or if I go to the doctors and they need identification and confirmation of my full name and birthday, that would be them getting authentication. Authorization is what happens after they put my credentials into a website or I give my credentials to a person to gain access to something that’s private to me, authorization is that confirmation of my identity or that I am the person that is requesting to gain access to my private information. “Sometimes authorization can also involve a person giving the ability for someone else to have access to their private information pertaining to them” (Jain, 2024), the doctors might ask me if I would give authorization to a spouse, dependent, or parents to allow for them to hear or gain access to private information that is pertaining to me. While they are different in what they do, they require each other to allow for the access of private information. Authorization can’t happen without authentication for most of the things that require access to sensitive information or private access.
Protecting Our DNA From Cybercriminals
Ethical Concerns
(2) I decided to talk about the CIA Triad because it ties into the idea of digitizing DNA becoming more common and bringing in a lot of concerns on the privacy and safety of information that will be digitized. DNA is our entire existence and the thought and possibility of it being stolen is very concerning, “because it could be used for anything and it would be hard to prove the person’s actual identity if it is stolen” (Gallegos, 2017). Also trying to prove someone’s identity would be almost impossible because you can’t change your DNA, so if someone’s DNA is taken it will be impossible to get that back until something is made possible to do that, which is a talking point against it happening. (2) Another concern that is brought up is the access of information that the person will be able to get into and use, if any of us has connection to certain security entities that could possibly be targeted with our identities, let alone any private information about us that could put our families at risk. There are a lot of ethical concerns that are very valid to have when it comes to dealing with people’s DNA, “even though people’s DNA is used for other measures like trying to search up ancestry” (Gallegos, 2017), digitizing people’s DNA is a whole different high level security risk. Now to add on with the concerns of the Cybersecurity field.
Cybersecurity Concerns
The digitization of DNA comes with a lot of Cybersecurity concerns that will require a lot of planning and resource management for the protection of our DNA. DNA would become a very big target for people to want and sell, so the Cyberbiosecurity field would have to be ready 24/7 and set up plans for any risk that could happen. The resources and cost that would need to be allocated to supporting the protection and maintenance of systems would also have to be communicated and worked on with higher ups, and that could be very resource intensive because of the high risk. Another concern that could arise is what happens after someone’s DNA gets stolen and how much of a risk is that person’s identity? (2) The possibility of someone’s DNA being taken could spiral into a lot of different security problems that could take a long time to figure out and combat, to make sure that all of our DNA will be secured.
Conclusion
To conclude my talking points, The CIA Triad is an important model in Cybersecurity that sets guidelines of what will be followed and what the procedures are in making sure that private or sensitive information is always kept safe and only allowed by authorized personnel. You can’t have authorization without authentication when it comes to gaining access to private information, it’s the two things that keeps our information safe and other people’s information safe from people that want to do something bad with that information, even with the inclusion of 2FA adding on to the security. And talking about the digitization of DNA being a risky idea that could cause people’s DNA to be stolen and used for bad intentions or sold on the dark web. It puts regular people in danger of having their identity completely stolen and the high possibility of not being able to get their identity back until there’s a way found out, but it’s also a risk for cybersecurity field in general because of the effects that it could cause if the wrong people’s DNA starts getting used for secured information or just private information.(3) While I do understand that there is a possibility that digitized DNA could be very good for research in medical problems, It’s just too much of a risk that could end up unfixable and the resources that would need to be put in place to protect people would be very high for even the slightest risk. Also showing the CIA Triad in full force, because of the three principles (Confidentiality, Integrity, Availability), beginning at risk and the importance of authentication and authorization process being not secure.
Reference
Gallegos, J. E., Peccoud, J., FF4BB2BC-B3A4-4FBD-B8A4EE080E321552, /author/the-Conversation-Us/, 4SGwgVplZn78AUrz0vAX2R, US, T. C., The-Conversation-Us, Curated by professional editors, T. C. offers informed commentary and debate on the issues affecting our world., & Partner. (2024, February 20). DNA has gone digital–what could possibly go wrong?. Scientific American. https://www.scientificamerican.com/article/dna-has-gone-digital-what-could-possibly-go-wrong/
Hashemi, C., & Chai, W. (2023, December 21). What is the CIA Triad? | Definition from. TechTarget. Retrieved June 1, 2025, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Jain, S. (2024, July 24). Difference Between Authentication and Authorization. GeeksforGeeks. Retrieved June 1, 2025, from https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Pulivarti, R. (2025, March 18). How secure is your DNA?. NIST. https://www.nist.gov/blogs/taking-measure/how-secure-your-dna
Rizkallah, J. (2024, August 12). Hacking humans: Protecting our DNA from Cybercriminals. Forbes. https://www.forbes.com/councils/forbestechcouncil/2018/11/29/hacking-humans-protecting-our-dna-from-cybercriminals/