A Summary of the CIA Triad, Authentication, and Authorization
The CIA Triad is the balance between confidentiality, integrity, and availability. It is the basis for how many organizations operate. Authentication is the credentials that prove that you are who you say you are. Authorization is the level of access that one has been granted.
CIA Triad
CIA is a guiding principle within information security, and it stands for confidentiality, availability, and integrity. Think of the CIA Triad as three separate values that must add up to 100 in total. Organizations adjust the values based on the importance of each category. The only caveat is that the more money an organization spends on staff and technology, the higher the total value becomes. In today’s interconnected world, how the CIA Triad is applied varies based on a needs analysis.
Confidentiality refers to the privacy of data, or the methods of ensuring that data does not get released and that only those who meet certain criteria are authorized to access it. The military uses levels of confidentiality for data whose disclosure would range from a minor inconvenience to a national-level threat. Each level would also increase the encryption and the authorization required. Non-military organizations will sometimes use their own privacy labeling schemes and methods to safekeep data. Encryption and training can increase the level of confidentiality, keeping data limited to those who have a need to know or are authorized.
Integrity, to some, is about doing the right thing when no one is looking. In a similar fashion, integrity in the CIA Triad refers to data that is non-repudiable, or essentially, data that is authentic and is what it says it has always been. There are various ways to ensure that the data being sent across the network remains unmodified. These methods include digital signatures, event logs, and removing accounts that no longer require access.
Availability is how accessible data is to authorized individuals. While it is important to have an ironclad security policy and control protocol, the harder it is for authorized users to access data, the lower the productivity and the greater the end-user frustration. This concept is not only geared towards active availability but also potential availability. Backups and disaster recovery are also parts of availability. It is worth mentioning that availability is considered by some to be the most important facet of the CIA Triad (Mir & Quadri, 2016).
Authentication and Authorization
In the paragraphs above, authorization and authentication are mentioned to various degrees. Authorization is the access to data, systems, or areas that one can obtain based on their position or role within the organization, while authentication is the proof that they are who they say they are. In the military, members are investigated and certified as to their identity and then given access cards as a means of standardizing their credentials. The card also acts as their authentication and authorization into a given area or system. Having the card was not like a Willy Wonka Golden Ticket to the chocolate factory, but a form of security control that restricted access and allowances to what was deemed appropriate for their need to know and level of “importance.”
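The access-card idea above can be sketched in code. This is an added example, not part of the original essay; the issuer key, clearance levels, resource names, and function names are all constructed for illustration. The card is checked first for authenticity (authentication) and only then for clearance level and need to know (authorization).

```python
import hashlib
import hmac

# Constructed sample data: the key, levels, and resources below are hypothetical.
ISSUER_KEY = b"constructed-demo-key-not-for-real-use"
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}
RESOURCES = {
    "payroll-db": {"level": "confidential", "compartment": "finance"},
    "ops-plan": {"level": "secret", "compartment": "operations"},
}


def issue_card(holder, level, compartments):
    """Issuer side: after vetting the holder, bind identity and grants with a MAC."""
    body = "|".join([holder, level, ",".join(sorted(compartments))])
    tag = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def authenticate(card):
    """Authentication: is this a genuine, unmodified card? Returns claims or None."""
    body, _, tag = card.rpartition("|")
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # forged or altered card
    parts = body.split("|")
    if len(parts) != 3 or parts[1] not in LEVELS:
        return None
    return {"holder": parts[0], "level": parts[1], "compartments": set(filter(None, parts[2].split(",")))}


def authorize(claims, resource):
    """Authorization: clearance must be high enough AND need to know must match."""
    rule = RESOURCES.get(resource)
    if rule is None:
        return False  # default deny for anything not explicitly listed
    return (LEVELS[claims["level"]] >= LEVELS[rule["level"]]
            and rule["compartment"] in claims["compartments"])


def check_access(card, resource):
    """Run both checks in order and report which one stopped the request."""
    claims = authenticate(card)
    if claims is None:
        return "denied: authentication failed"
    if not authorize(claims, resource):
        return "denied: not authorized"
    return "granted"
```

A card whose clearance field is edited after issue fails authentication, while a genuine high-clearance card without the matching compartment passes authentication and is still refused at authorization.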
Conclusion
Many of today’s organizations require the CIA Triad, authorization, and authentication. Confidentiality is keeping data reserved only for those that require it. Integrity is about data non-repudiation. Availability is about how users can access data. Authorization is the credentials one is granted or requires in order to use specific data or systems. Finally, authentication is the non-repudiation of oneself.
References
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. WhatIs. Retrieved January 25, 2023, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
Mir, S. Q., & Quadri, S. M. (2016). Information Availability: An Insight into the Most Important Attribute of Information Security. Journal of Information Security, 7(3), 185-194. https://doi.org/10.4236/jis.2016.73014