CIA Triad and Authentication & Authorization

Posted by ctart002 on

The CIA Triad is made up of three parts. They are confidentiality, integrity, and availability. There is a difference between authentication and authorization. Authentication is who and authorization is what.

CIA Triad

The CIA Triad is a way that cyber security is used in different organizations (What Is the CIA Triad? Definition, Explanation, Examples , 2022). The CIA Triad is made up of three distinct parts: Confidentiality, Integrity and Availability. Confidentiality is basically privacy (What Is the CIA Triad? Definition, Explanation, Examples , 2022). This is used to make sure that people who do not need to access the information are not allowed to. Integrity is used to make sure the correct user is the only one able to change certain things. Two examples of Integrity are user controls and file permissions (What Is the CIA Triad? Definition, Explanation, Examples , 2022). Being able to access the data when and where you want is Availability. You will need to make sure that your technology is capable and kept up to date (What Is the CIA Triad? Definition, Explanation, Examples , 2022).

Authentication & Authorization
Authentication is used to make sure the person accessing data is the correct person (SailPoint, 2021). Authorization is used to figure out which data the person is allowed to access (SailPoint, 2021). Basically, authentication is the who and authorization is the what. That is a pretty large difference between the two things. An example of authentication is 2 different co-workers, Jim and Bob are both trying to login to their work computers. They both have different usernames and passwords to authenticate they are the correct person and not the other user. Using the same two people for the authorization example. Bob is a manager and Jim is just a normal employee. Bob is authorized to access more and different data then Jim.

Conclusion
The CIA Triad is made up of three different parts. Confidentiality is privacy, Integrity is making sure the correct people access the data and Availability is being able to access the data when and where you want. Authentication is the process of making sure the user is who they say they are. Authorization is making sure the user is only accessing the correct data.


References
SailPoint. (2021, July 19). Difference between Authentication and Authorization . SailPoint. Retrieved January 29, 2023, from https://www.sailpoint.com/identity-library/difference-between-authentication-and-authoriz
ation/
What is the CIA Triad? Definition, Explanation, Examples. (2022, June 28). TechTarget. Retrieved January 29, 2023, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?j r=on


Leave a Reply

Your email address will not be published. Required fields are marked *