Write Up: The CIA Triad

The first discovery of the CIA Triad stated in the article (What is the CIA Triad? Definition, Explanation, Examples, Chai (2022). “ was as early as 1976 in a study by the U.S. Air Force. Likewise, the concept of integrity was explored in a 1987 paper titled “A Comparison of Commercial and Military Computer Security Policies” written by David Clark and David Wilson. for accounting records and data correctness. Even though it is not as easy to find an initial source, the concept of availability became more widespread one year later in 1988. By 1998, people saw the three concepts together as the CIA triad” (p.7). The CIA Triad consists of three key components: Confidentiality, integrity, and availability. These Three concepts can produce complete security strategies, enforce proper security management, and mitigate threats effectively. It acts as a foundation for developing and assessing security measures and allows organizations to protect their invaluable assets, preserve trust with stakeholders, and comply with legal and regulatory conditions.

These are the breakdown of these three key concepts that form the CIA Triad: Confidentiality is approximately equivalent to privacy. Confidentiality criteria are created to control sensitive data from unauthorized access attempts. It is standard for data to be organized on the authority of the amount and type of harm that could be done if it fell into the wrong control. If so authoritarian actions can then be enforced according to those categories. Integrity involves preserving the consistency, accuracy, and reliability of data over its full lifecycle. Data should not be altered in transit, and steps must be applied to guarantee data cannot be altered by unauthorized people. Availability indicates information should be consistently and easily available to authorized parties. This means properly maintaining hardware and technical infrastructure and procedures that maintain and display the information. These three concepts are essential to cybersecurity. The “triad” can help direct the expansion of security policies for future organizations. When assessing needs and use issues for potential new developments and technologies, the triad allows organizations to ask focused questions about how significance is being delivered in those three key areas.

As the cyber world evolves, so do confidentiality measures. In information security, authentication and authorization play distinct yet interconnected roles in safeguarding systems and resources. Although they are often used together, they address different aspects of security. The purpose of authentication is to determine the identity of users or entities attempting to access a system, and authorization is to determine the level of access and permissions granted to them. To understand the differences between these two vital components of security, let’s examine their definitions and functions.

An authentication process is the first step in establishing the credibility of a system and is performed by creating passwords, one-time pins, biometric information, and whatever else the user provides or enters. Authentication is the first step in establishing credibility and is visible to users and partially changeable by them.(What is the difference between Authentication and Authorization, Sailpoint(2023) For example, “By verifying their identity, employees can gain access to a human resources (HR) application that includes their personal pay information, vacation time, and 401K data”(Sailpoint,2023,para.3).

It is authorization that determines what resources a user has access to. Authorization is determined by settings that are implemented and maintained by the organization. Authorization occurs after authentication has been completed. Authorization cannot be changed either by the user or the organization.(What is the difference between Authentication and Authorization, Sailpoint(2023) For example, “Once their level of access is authorized, employees and HR managers can access different levels of data based on the permissions set by the organization”(Sailpoint,2023,para.3).

In conclusion, authentication and authorization are critical components of cybersecurity and align directly with the support of the principles of the CIA Triad. Authentication demonstrates trust by confirming the identity of entities, while authorization defines the need for actions those entities can take. Jointly, they help defend the confidentiality, integrity, and availability of information and systems, ultimately securing robust cybersecurity procedures and defense against a wide spectrum of threats. Therefore, comprehending and enforcing effective authentication and authorization mechanisms are essential for achieving complete security in the digital era.

Disscussion Boards:

Cyber technology has opened up a whole new world of workplace deviance. Nowadays, employees can engage in a variety of sneaky behaviors, from subtle time-wasting on social media to more serious offenses like data theft and spreading office gossip through encrypted channels. The virtual realm provides a tempting cover for mischief, allowing people to blur professional and personal conduct without ever having to leave their desks. It’s like the Wild West of the digital age, where the mischievous can ride the waves of technology to stir up trouble in ways that were unimaginable in the pre-digital era.