Write-Up: The CIA Triad

The CIA Triad is a security model used to guide an organization's security infrastructure and policies. The C stands for Confidentiality, the I stands for Integrity, and the A stands for Availability. According to Fruhlinger, when all three factors are integrated together, the “triad forces security pros to do the tough work of thinking about how they overlap and can sometimes be in opposition to one another, which can help in establishing priorities in the implementation of security policies” (2020). Within the CIA Triad, Confidentiality pertains to protecting users' sensitive and private information against unauthorized access. Integrity pertains to ensuring that data is true and unmodified. Availability pertains to users having the means to access their data across all channels and systems.

Authentication and authorization both pertain to granting permission to access data that is stored in a system. Although authentication and authorization are used together, they serve different purposes. In the process, authentication is done before authorization. During authentication, a user’s credentials are checked to see if they are allowed to access the data. Once the credentials are verified and authenticated, the user is then authorized to access the data. In short, authentication checks who is trying to access the data, and authorization checks what the user is permitted to view and access once they are authenticated. Differences between authentication and authorization are listed below (Singh, 2020):

  • In the authentication process, the identity of users is checked to provide access to the system, while in the authorization process, the person’s or user’s authorities are checked for accessing the resources.
  • In the authentication process, users or persons are verified, while in authorization, users or persons are validated.
  • Authentication determines whether the person is the user or not, while authorization determines what permission the user has.
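The ordering described above, as an added example that is not part of the original write-up: credentials are verified first, and only a verified identity is then checked against permissions. The user names, passwords, roles, permission sets and status strings are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plain text
    # (the iteration count is an example value).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample data: users, roles and permissions are assumptions.
USERS = {
    "alice": _make_user("correct horse", "admin"),
    "bob": _make_user("battery staple", "reader"),
}
PERMISSIONS = {"admin": {"read", "write"}, "reader": {"read"}}

def authenticate(username: str, password: str):
    """Authentication: who is this? Returns the verified name or None."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so unknown names take about as long as known ones.
        _hash(password, b"\x00" * 16)
        return None
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok else None

def authorize(username: str, action: str) -> bool:
    """Authorization: what may this already-verified user do?"""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())

def access(username: str, password: str, action: str) -> str:
    # Step 1: authentication. Failure means the identity is unproven.
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"
    # Step 2: authorization. The identity is known but may lack permission.
    if not authorize(identity, action):
        return "403 forbidden"
    return "200 ok"

if __name__ == "__main__":
    print(access("bob", "battery staple", "read"))   # valid login, permitted
    print(access("bob", "battery staple", "write"))  # valid login, not permitted
    print(access("bob", "wrong password", "read"))   # login fails
```

The two failure results are distinct: the first means the system does not know who the caller is, the second means it knows and the permission check said no.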

References

Fruhlinger, J. (2020). The CIA triad: Definition, components and examples. Retrieved September 26, 2020, from https://drive.google.com/file/d/1Mn3icTLG5X3W7tJjuDaohW8OscHdLOQI/view

Singh, M. (2020, July 07). Difference between Authentication and Authorization. Retrieved September 26, 2020, from https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
