PROLOGUE
The CIA Triad stands as a widely recognized model shaping information security policies, built
upon three core elements: confidentiality, integrity, and availability. Authorization and
authentication, grounded in these principles, play pivotal roles. However, each contributes
uniquely within the CIA Triad framework.
What is the CIA triad?
The CIA Triad consists of three main principles: Confidentiality, Integrity, and Availability.
These principles form the basis of Information Security and guide policies for storing information
securely. However, each principle contributes differently to the CIA Triad framework.
Confidentiality involves rules that control access to information, preventing unauthorized access.
It essentially ensures privacy within the Triad. Integrity ensures that information is accurate and
trustworthy, maintaining consistency over time. Availability guarantees reliable access to
information, requiring consistent hardware maintenance and system upgrades. These principles
are crucial in information security (Eye on Tech, 2020).
Authentication
Authentication handles identity verification, a crucial aspect of maintaining secure access in
information security. It is the process of confirming a user’s or device’s
identity before granting entry to a system or resources. Think of it as the guardian of information
security, ensuring that only authorized users gain access. To achieve this, users need to provide
identification to verify their identity when attempting to access information on a network. This
identification remains confidential between the user and the system. Examples of authentication
methods include facial recognition, finger scans, two-factor authentication, access cards, key
fobs, single-factor authentication, one-time passwords, and the classic username and password
(Magnusson, 2023).
Authorization
Another vital component in maintaining secure access within information security is
authorization. Authorization plays a key role in specifying the level and type of access a user can
have to resources. It essentially communicates to the user what actions they are permitted to
perform with their data and applications. After a user has been authenticated, their authorization
defines the range of operating systems, applications, functionalities, and the extent of their ability
to modify data. Examples of authorization methods encompass attribute-based access control
(ABAC), mobile access control, and graph-based access control (GBAC) (Schwarz, 2023).
Authentication vs. Authorization
Despite their seeming similarity, authentication and authorization carry distinct meanings.
While authentication verifies user identity, authorization grants permission to access information.
Without authentication, users cannot access any resources or information. Similarly, without
authorization, even authenticated users are unable to use system-provided resources or
information. Consider an employee in a security office who may be authenticated but lacks
authorization for the servers or hardware that manage overall office operations; their access is
restricted to certain appliances and databases essential for their role (Schwarz, 2023).
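The employee scenario above, as an added example that is not taken from the cited sources: authentication confirms identity first, then an attribute-based (ABAC) check decides, deny by default, what that identity may do. The user "dana", the resources "badge-database" and "ops-server", and the 401/403 result codes borrowed from HTTP are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table does not reveal passwords directly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (hypothetical user and resources)
_SALT = os.urandom(16)
USERS = {
    "dana": {"salt": _SALT, "pw_hash": _hash("correct horse", _SALT),
             "attrs": {"department": "security-office", "role": "analyst"}},
}
# ABAC policy: resource -> action -> attributes the caller must hold
POLICY = {
    "badge-database": {"read": {"department": "security-office"}},
    "ops-server": {"read": {"role": "sysadmin"}, "modify": {"role": "sysadmin"}},
}

def authenticate(username: str, password: str):
    """Authentication: return the user's attributes if identity is confirmed, else None."""
    user = USERS.get(username)
    # Hash even for unknown names so response time does not reveal which users exist
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["pw_hash"] if user else b"\x00" * 32
    matches = hmac.compare_digest(_hash(password, salt), expected)  # constant-time compare
    return user["attrs"] if user is not None and matches else None

def authorize(attrs: dict, resource: str, action: str) -> bool:
    """Authorization: allow only if a rule exists and every required attribute matches."""
    required = POLICY.get(resource, {}).get(action)
    if required is None:
        return False  # no rule for this resource/action means deny
    return all(attrs.get(key) == value for key, value in required.items())

def handle_request(username: str, password: str, resource: str, action: str):
    attrs = authenticate(username, password)
    if attrs is None:
        return 401, "authentication failed"
    if not authorize(attrs, resource, action):
        return 403, "authenticated but not authorized"
    return 200, f"{action} on {resource} allowed"

if __name__ == "__main__":
    print(handle_request("dana", "wrong guess", "badge-database", "read"))
    print(handle_request("dana", "correct horse", "badge-database", "read"))
    print(handle_request("dana", "correct horse", "ops-server", "modify"))
```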
Conclusion
In conclusion, the CIA Triad plays a vital role in maintaining the privacy, availability, and
security of information within the information security system. The effectiveness of this
framework relies on the key components of authorization and authentication, working
harmoniously to safeguard our information. Together, these elements contribute to the overall
safety of our data.
References
Schwarz, L. (2023, November 13). What is authorization? Definition & examples. Oracle
NetSuite. https://www.netsuite.com/portal/resource/articles/erp/authorization.shtml
Eye on Tech. (2020, March 3). What is the CIA Triad? Confidentiality, Integrity, Availability
[Video]. YouTube. https://www.youtube.com/watch?v=11_Hp5Dvx5E
Magnusson, A. (2023, February 13). Authentication: Definition, Types, Uses & More |
StrongDM. https://www.strongdm.com/authentication
What is the CIA Triad_ Definition, Explanation, Examples – TechTarget.pdf. (n.d.). Google Docs.
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view