CIA-Triad: Difference between Authentication and Authorization

David Flowers
Department of video game development and design, Old Dominion University
CYSE-200: Cybersecurity, Technology & Society
Dr. Christopher Bowman
February 22, 2026

What is the CIA Triad

Authentication and authorization are a component of the CIA triad, so it is important to
understand the triad. The CIA triad stands for Confidentiality, Integrity, and Availability.
Confidentiality is about how well information is protected. This means that many measures are
taken to ensure that no one can break into a place, physical or digital, to steal data. As Chai
(2022) states, “Confidentiality measures are designed to prevent sensitive information from
unauthorized access attempts” (p. 1). Integrity means ensuring the trustworthiness of
information. This includes information that is being moved or transferred, which must not be
altered by third parties that do not have the proper authorization: “Data must not be changed in
transit, and steps must be taken to ensure data cannot be altered by unauthorized people” (Chai,
2022, p. 2). Availability represents the ability of authorized people to access the information
easily whenever they request to view it. Availability also covers ensuring that hardware and
software are kept up to standard so that they do not fail to deliver information: “This involves
properly maintaining hardware and technical infrastructure and systems that hold and display the
information” (Chai, 2022, p. 2).

Authentication vs Authorization

Authentication and authorization can seem very similar in concept. In use, they are two
completely different subjects, and both are important for securing information so that
unauthorized personnel do not have access to it. Authentication is mainly about confirming that
someone is who they say they are. This can be done with passwords, codes, two-factor
authentication, and other forms of authentication. As Kosinski (2025) states, “the Authentication
process relies on credentials, such as passwords or fingerprint scans, that users present to prove
they are who they claim to be”. An example of authentication is logging into Google: you prove
who you are to Google by entering your Gmail account and password. Authorization is built upon
user power: a user's ability to access certain information or data, or to change it. This also
extends to online networks and resources, as stated by Kosinski (2025) of IBM: “The authorization
process relies on user permissions that outline what each user can do within a particular
resource or network”. An example of authorization is that a person with a lower level of
authorization can be allowed to know that coffee can taste better with milk, but a person with a
higher level of authorization will be allowed to know that almost all preground coffee is crushed
and mixed with cockroaches.
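
The two checks described above, as an added Python example that is not part of the original essay: authentication verifies a password and returns an identity, and authorization then compares that identity's clearance level with what the resource requires. The accounts, passwords, clearance levels and resource names are constructed, and the use of PBKDF2 for password storage is an assumption.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # PBKDF2-HMAC-SHA256 so the stored value is not the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password, clearance):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "clearance": clearance}

# Constructed sample accounts and resources (all names and values are made up).
USERS = {
    "alice": _make_user("correct horse", clearance=1),
    "bob": _make_user("battery staple", clearance=2),
}
# Minimum clearance level required per resource and action.
RESOURCES = {
    "coffee_basics": {"read": 1, "write": 2},
    "coffee_internal": {"read": 2, "write": 2},
}

def authenticate(username, password):
    """Authentication: prove identity. Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # do the same work for unknown users
        return None
    # Constant-time comparison avoids leaking how many bytes matched
    if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return username
    return None

def authorize(identity, resource, action):
    """Authorization: check permissions of an already verified identity."""
    required = RESOURCES.get(resource, {}).get(action)
    if identity not in USERS or required is None:
        return False  # deny by default: unknown user, resource or action
    return USERS[identity]["clearance"] >= required

def access(username, password, resource, action):
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, resource, action):
        return "403 not authorized"
    return "200 ok"
```

A failed login and a successful login with insufficient clearance produce different outcomes, which is the distinction between the two concepts.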

Conclusion

To reiterate, the CIA triad is a major part of security, and authentication and authorization
are a component of the triad. The CIA triad stands for Confidentiality, Integrity, and Availability.
Authentication is about verifying that a user is who they claim to be. Authorization is built around
the concept that users have different levels of permissions, so each user should have access only
to what they are permitted to access.

References

Chai, W. (n.d.). What is the CIA triad_ definition, explanation, examples – techtarget.pdf. Google
Drive. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view


Kosinski, M. (2025, November 17). Authentication vs. authorization: What’s the difference?
IBM. https://www.ibm.com/think/topics/authentication-vs-authorization
