The CIA Triad is a foundational model in information security that consists of three principles: confidentiality, integrity, and availability. Confidentiality ensures that sensitive information is protected from unauthorized access and disclosure, typically enforced through encryption, strong authentication, and access controls (Chai, 2022). For example, online banking systems use encryption in transit and multi-factor authentication to safeguard financial data. Integrity guarantees that data remains accurate, consistent, and unaltered throughout its lifecycle, employing techniques such as checksums, version control, and digital signatures to detect tampering (Chai, 2022). A plain checksum only catches accidental corruption, because anyone who can change the data can also recompute the checksum; detecting deliberate modification requires a keyed check such as a message authentication code or a digital signature. An instance of integrity in practice would be a business keeping essential documents under version control so that every change is recorded, attributable, and reversible. Availability ensures that information and systems are accessible to authorized users whenever needed, which requires proper maintenance of hardware, timely software updates, and backup systems to prevent downtime or data loss (Chai, 2022). For example, websites use redundancy and failover mechanisms to stay operational during periods of high traffic or hardware failures.
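The integrity controls above can be shown concretely. The following is an added example, not code from the cited article: it compares a plain SHA-256 checksum with an HMAC over a constructed sample document. The document text, the key, and the function names are assumptions made for illustration. Both checks detect an altered document, but only the keyed check resists an attacker who can recompute the verifier alongside the data; a digital signature follows the same verify-before-trust pattern with an asymmetric key instead of a shared secret.

```python
import hashlib
import hmac
import secrets

# Constructed sample document and a tampered copy (not from the original page).
ORIGINAL = b"Invoice 1042: pay 1,500.00 USD to account 12-345-678"
TAMPERED = b"Invoice 1042: pay 9,500.00 USD to account 98-765-432"


def sha256_checksum(data: bytes) -> str:
    """Plain checksum: detects accidental corruption only. An attacker who can
    change the data can just as easily recompute this value."""
    return hashlib.sha256(data).hexdigest()


def checksum_matches(data: bytes, expected: str) -> bool:
    """Recompute the checksum and compare it in constant time."""
    return hmac.compare_digest(sha256_checksum(data), expected)


def mac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: a keyed integrity check. Without the key, an attacker
    cannot produce a valid tag for modified data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_verify(key: bytes, data: bytes, tag: str) -> bool:
    """compare_digest avoids leaking how many bytes matched via timing."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def demo() -> dict:
    """Run both checks against the original and the tampered document."""
    key = secrets.token_bytes(32)  # shared secret between writer and verifier
    checksum = sha256_checksum(ORIGINAL)
    tag = mac_tag(key, ORIGINAL)
    return {
        # Both checks catch a change when the verifier keeps the original value.
        "checksum_original": checksum_matches(ORIGINAL, checksum),
        "checksum_tampered": checksum_matches(TAMPERED, checksum),
        # An attacker who controls data and checksum simply recomputes it:
        # the tampered document passes, so the change goes undetected.
        "checksum_recomputed": checksum_matches(TAMPERED, sha256_checksum(TAMPERED)),
        "mac_original": mac_verify(key, ORIGINAL, tag),
        "mac_tampered": mac_verify(key, TAMPERED, tag),
        # Without the key, a recomputed tag does not verify.
        "mac_forged": mac_verify(key, TAMPERED, mac_tag(b"attacker-guess", TAMPERED)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verified' if ok else 'REJECTED'}")
```

The "checksum_recomputed" case is the one to remember: storing a hash next to the data it protects, where an attacker can write both, gives no integrity guarantee. The key (or the signing private key) has to be something the attacker does not hold.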
Authentication vs. Authorization
While closely related, authentication and authorization serve different purposes in information security. Authentication is the process of verifying the identity of a user or system, answering the question, "Who are you?" This can rely on passwords, biometric scans, or two-factor authentication (Chai, 2022). For instance, entering a username and password to log into an email account is a form of authentication. Authorization, in contrast, determines what resources or actions an authenticated user is allowed to access or perform, answering, "What are you permitted to do?" It is evaluated after authentication, on every request, because proving who you are says nothing about what you may do. For example, an employee may be authorized to view their own payroll information but not that of others within the company (Chai, 2022). Together, these concepts, along with the CIA Triad, form the core framework for securing information systems by ensuring data confidentiality, integrity, and availability while properly managing user access.
Reference:
Chai, W. (2022). What is the CIA Triad? Definition, Explanation, Examples. TechTarget. Retrieved from https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view