The CIA Triad (Confidentiality, Integrity, Availability) article explains what it is, how it works, and why it’s important. CIA Triad is the model guide for Cybersecurity policies that is universally agreed and followed on. The CIA Triad is a very simple model that makes understanding what should be followed, even though there is an argument that it should be changed, it is still a very good guideline that can be easily understood.
What Is The CIA Triad?
The CIA Triad is a set model that is used as a guideline for policies in Cybersecurity, sometimes it goes by AIC to not be mistaken for The CIA, it doesn’t matter how it’s followed because it’s a triangular model that is used for understanding and remembering. CIA Triad stands for Confidentiality, Integrity, and Availability; Confidentiality is the same as privacy by not allowing any type of private information to be accessed without authorization and setting up measures to make sure that unauthorized people don’t gain access. Integrity is all about making sure the information is constantly accurate and trustworthy, and keeping it from being changed by people without authorization at any point. Availability means that information should always be accessible for the people with the right authorization, it also means that maintaining systems and any type of hardware that is needed has to always be ready to be accessed. Availability can be more on the hardware side of things that requires constant maintenance and making sure that if something like a natural event happens and something happens to the system access, it needs to take priority to get that back and working again.
Authentication vs Authorization
While both authentication and authorization seem like they mean the same thing, they are actually different in the way that authentication comes before authorization. Authentication is the meaning of a user actually identifying themselves to a person or system, a common example is putting in a username and password or if you go to the doctors and they need identification and confirmation of full name and birthday. Authorization is what happens after you put your credentials into a website or give your credentials to a person to gain access to something that’s private to you, authorization is that confirmation of your identity or that you are the person that is requesting to gain access to private information. Sometimes authorization can also involve a person giving the ability for someone else to have access to private information pertaining to them, the doctors will ask if you would give authorization to a spouse, dependent, or parents to allow for them to hear or gain access to private information that is pertaining to you. While they are different in what they do, they require each other to allow for the access of private information and you can’t have authorization without authentication for most of the things that require access to sensitive information or private access.
Conclusion
The CIA Triad is an important model in Cybersecurity that sets guidelines of what will be followed and what the procedures are in making sure that private or sensitive information is always kept safe and only allowed by authorized personnel. It’s a very simple model to remember and keep track of to always remind people of what needs to be done. You can’t have authorization without authentication when it comes to gaining access to private information, it’s the two things that keeps our information safe or other people save from people that want to do something bad with that information, even with the inclusion of 2FA adding on to the security.
References
Hashemi, C., & Chai, W. (2023, December 21). What is the CIA Triad? | Definition from. TechTarget. Retrieved June 1, 2025, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Jain, S. (2024, July 24). Difference Between Authentication and Authorization. GeeksforGeeks. Retrieved June 1, 2025, from https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/