The Three Pillars of Cybersecurity: Explaining the CIA Triad

This paper describes the concept of the CIA Triad and explains each pillar’s core ideas, demonstrates their benefits, and provides examples. The paper also compares and contrasts authorization and authentication, showcasing that they are fundamentally different systems.

CIA Triad

The CIA Triad is a baseline created by cybersecurity teams that provides guidance for both solving problems and general project management. Similar to the core values that many organizations have, the CIA Triad’s three core components (confidentiality, integrity, and availability) ensure the security and efficiency of data collection and interpretation. The triad also serves as a guide, as many of the projects that one would take on in cybersecurity carry the goal of bolstering one, if not all, of these branches.

Confidentiality refers to the privacy of the information and to regulating who can and cannot access it. Like most forms of privacy, its importance stems from the fact that the data a business collects, whether it be about its clients or the business itself, may be sensitive and particularly valuable. Because of this, there are many people who may wish to access this information for malicious purposes, like identity fraud or even espionage. Confidentiality can be ensured through methods like encryption, passwords, and authentication systems like 2FA.

Integrity refers to the reliability of the information, as data that can be edited or damaged creates great risks for a business. This is where protection of the data is key, whether through physical means or digital means. Examples of this include malware defense, creating backups and utilizing external storage, and physical security, such as simply locking a door. By preventing tampering, a business can ensure that the information it collects is accurate, accessible, and trustworthy. Ensuring the integrity of a system also ensures that the system remains functional and accessible in the event of physical damage, corruption, or cyberattack.

Availability refers to the ability of a business to access information in a timely manner. While its importance may not seem as high at first glance, it is required for many functions of a business to operate efficiently. Availability can also refer to the retention of data and the prevention of damage in the event of hardware or software damage, similar to integrity. This can be accomplished through various means, but perhaps one of the most obvious is simply ensuring that systems and hardware are up to date and readily available. Another way to accomplish this is to streamline authorization processes that may be lengthy, but this may come with security risks.

Authentication vs Authorization

Authentication and authorization, although serving different purposes, are both used to bolster security for systems and databases. For starters, authorization defines the amount of general access a particular user can achieve (Authorization – OWASP Cheat Sheet Series, n.d.). Unlike authentication, authorization does not apply to specific individuals; rather, it mainly applies to the roles of those people. For example, an administrator will generally have more authority over a system than a guest. Generally, the greater the authorization, the more access a user has to a system. The Windows Administrator system is a good example of this, where certain users can open programs with enhanced privileges. Authentication, however, refers to systems that verify the identity of an individual (What Is Authentication? Definition of Authentication, Authentication Meaning – the Economic Times, n.d.). These usually take the form of passwords, personal information, and biometrics. Authentication and authorization often go together, with greater amounts of authentication being given with proper authorization.
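The distinction above can be shown as two separate checks. This is an added example, not part of the original paper; the account names, passwords, roles, and actions are constructed for illustration, and the PBKDF2 iteration count is an assumed sample value.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample policy: authorization attaches to roles, not to people.
ROLE_PERMISSIONS = {
    "administrator": {"read_report", "install_software", "manage_users"},
    "guest": {"read_report"},
}
_DUMMY_SALT = os.urandom(16)  # used so unknown usernames cost the same work

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow key derivation; the iteration count is an assumed value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "role": role}

# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "alice": _make_user("correct horse battery", "administrator"),
    "bob": _make_user("guest-pass-123", "guest"),
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify who the caller is. Returns the identity or None."""
    user = USERS.get(username)
    candidate = _hash_password(password, user["salt"] if user else _DUMMY_SALT)
    if user is None:
        return None
    # Constant-time comparison does not reveal how many bytes matched.
    return username if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(identity: Optional[str], action: str) -> bool:
    """Authorization: decide what the verified identity's role may do."""
    if identity is None:  # no verified identity: deny by default
        return False
    role = USERS[identity]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def request(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 authentication failed"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"
```

A guest with a correct password is authenticated but still refused an administrator action, while a wrong password is refused before any role is consulted.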

Conclusion

Overall, the CIA Triad functions as a baseline of three core goals to assist cybersecurity workers in developing solutions to many issues the job presents. While broad in their interpretations, the pillars of confidentiality, integrity, and availability provide important ideas to consider in any facet of IT and cybersecurity. These solutions can manifest in a variety of ways, but all of them tie back to the triad in some way. Notably, the triad also underlines the usage of other fields in cybersecurity, like administration, in order to properly manage projects.

Works Cited:

Authorization – OWASP Cheat Sheet Series. (n.d.). https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html#enforce-least-privileges

Confidentiality, Integrity, and availability: The CIA triad | Office of Information Security | Washington University in St. Louis. (n.d.). https://informationsecurity.wustl.edu/guidance/confidentiality-integrity-and-availability-the-cia-triad/

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad (confidentiality, integrity and availability)? WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on

What is Authentication? Definition of Authentication, Authentication Meaning – The Economic Times. (n.d.). The Economic Times. https://economictimes.indiatimes.com/definition/authentication
