The CIA Triad

First and foremost, the CIA Triad does not refer to the Central Intelligence Agency, which serves as the first line of defense of the United States and analyzes information to head off threats. Instead, it is a security model designed to guide policies for storing information. It includes the three most crucial components of security: confidentiality, integrity, and availability. To begin with, confidentiality is a set of rules that limits access to information. It’s usually comparable to privacy. It ensures that only specific parties have access to sensitive details. For example, accessing bank account data at an ATM requires a physical card and a PIN. Integrity is the assurance that information is accurate. It involves maintaining data consistency and making sure the data isn’t altered in any way. Backing up data fits the narrative of integrity because it defends the data from malware and internal threats. Lastly, availability is the guarantee that information is accessible. This means that systems and applications are up and running. It’s essential to maintain hardware and stay up to date with all system upgrades; otherwise, an availability failure will result.

Much of confidentiality can be accomplished through authentication and authorization. Authentication methods can include passwords, security tokens, or biometrics. For instance, before I log on to an ODU account, the system asks me to provide my password and a seven-digit code to prove my identity. As far as technology goes, to this date I have owned an Apple iPhone that has biometric verification. A single swipe or placement of my thumb verifies me as a user of my cellular device. Authorization refers to the rules governing what an individual can see. This means that although a system knows who you are, it won’t open all of its data to you. For example, say a person enters a building with their access card; that’s their authentication. The card confirms who the person claims to be. However, just because an individual can enter a building doesn’t mean they can enter every floor. There are usually restricted areas in a building that have zero accessibility; that is authorization. The two concepts are different and independent from one another. To keep it simple, a user needs a user ID and password to authenticate to a Windows operating system. However, that user may not have access to all the systems or databases; that’s where authorization comes into play.
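The building example above, written as two independent checks. This is an added example, not part of the original essay; the badge ID, PIN, roles, and floor names are constructed, and pairing the card with a PIN (as in the ATM example) is an assumption.

```python
import hashlib
import hmac
import os


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store only a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


# Constructed sample data: one badge holder and a per-floor access list.
_SALT = os.urandom(16)
BADGES = {
    "badge-1001": {"salt": _SALT, "pin_hash": hash_pin("4821", _SALT), "role": "staff"},
}
FLOOR_ACL = {
    "lobby": {"staff", "visitor"},
    "office": {"staff"},
    "server-room": {"admin"},
}


def authenticate(badge_id: str, pin: str):
    """Authentication: prove identity. Returns the holder's role, or None."""
    record = BADGES.get(badge_id)
    if record is None:
        hash_pin(pin, b"\x00" * 16)  # do the same work for unknown badges
        return None
    candidate = hash_pin(pin, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate, record["pin_hash"]):
        return record["role"]
    return None


def authorize(role: str, floor: str) -> bool:
    """Authorization: deny by default; unknown floors admit nobody."""
    return role in FLOOR_ACL.get(floor, set())


def request_entry(badge_id: str, pin: str, floor: str) -> str:
    role = authenticate(badge_id, pin)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, floor):
        return "denied: not authorized for " + floor
    return "granted"
```

The same authenticated badge is granted the office and refused the server room, which is the sense in which the two checks are independent.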

