In this paper I will break down the acronym of the CIA Triad and discuss the terms
Authentication and Authorization and the differences between them. Further, I will explain the
importance of these terms and their applicability to cybersecurity.
The CIA Triad
The CIA Triad is a basic tenet of cybersecurity. It stands for Confidentiality, Integrity, and
Availability. These easily defined words are simple to follow and provide a road map to basic
cybersecurity principles. Confidentiality sets limits on who can access data. Integrity ensures that
the data is valid as originally written and has not been altered by either mistake or a malicious
actor. Availability ensures that the data is available, or that a valid backup copy exists (Chai, 2023).
The security posture of organizations and manufacturers of IT products, and the importance they
place on overall cybersecurity principles, can be defined by how they apply the basic doctrine of
the CIA Triad.
Authentication & Authorization
Authentication is proving that a user of information technology is who they say they are.
This can be accomplished by something the user knows (password/PIN), something they have
(physical security devices such as a Common Access Card/Smart Card), or something they are
(fingerprint, iris, voice, facial recognition). Authorization, on the other hand, limits
authenticated users to what they are allowed to access. Authorization can be given
broadly (such as a public internet site), limited to a particular department (e.g., finance), or to a very
limited group of individuals (e.g., management).
Authentication and Authorization have two distinct meanings and are often easily
confused. These concepts can be both different and similar. They are similar because they both
rely on proper identification of the user, but they are different in that authenticated users might
not be authorized to access certain information or privileges on a system (OneLogin, n.d.).
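As an added illustration that is not part of the original paper, the following Python example keeps the two checks separate: a password check (something the user knows) for authentication, then a group check for authorization against a public, a finance, and a management resource. The user names, passwords, resource names, and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, groups: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "groups": groups}

# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "alice": _make_user("correct horse", {"finance"}),
    "bob": _make_user("battery staple", {"finance", "management"}),
}

# Constructed resources: None means public, otherwise the group required.
RESOURCES = {
    "public-site": None,
    "finance-ledger": "finance",
    "management-report": "management",
}

def authenticate(username: str, password: str):
    """Authentication: is the user who they claim to be? Returns username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash(password, user["salt"])
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, resource: str) -> bool:
    """Authorization: may this identity access the resource?"""
    if resource not in RESOURCES:
        return False  # default deny for unknown resources
    required = RESOURCES[resource]
    if required is None:
        return True  # broadly authorized, like a public internet site
    return identity is not None and required in USERS[identity]["groups"]

def request(username: str, password: str, resource: str) -> str:
    identity = authenticate(username, password)
    if authorize(identity, resource):
        return "allowed"
    return "denied: not authenticated" if identity is None else "denied: not authorized"
```

Here alice authenticates successfully yet is still denied the management report, which is the case the paragraph above describes: an authenticated user who is not authorized.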
Conclusion
In conclusion, I have broken down the acronym of the CIA Triad (Confidentiality, Integrity,
and Availability) and discussed the definitions of, and differences between, Authentication and
Authorization. I further explained the importance of these terms and their applicability to
cybersecurity. The usage of the CIA Triad in cybersecurity, along with an understanding of
Authentication and Authorization, will better protect information systems from accidental or
malicious threats.
References
- Chai, W. (2023, February 10). What is the CIA triad? definition, explanation, examples. WhatIs.com. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
- OneLogin. (n.d.). Authentication vs. authorization: What’s the difference? https://www.onelogin.com/learn/authentication-vs-authorization