{"id":291,"date":"2025-11-24T02:44:31","date_gmt":"2025-11-24T02:44:31","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/demarcosivery-armstrong\/?p=291"},"modified":"2025-11-24T02:44:31","modified_gmt":"2025-11-24T02:44:31","slug":"cia-triad-confidentiality-integrity-availability","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/demarcosivery-armstrong\/2025\/11\/24\/cia-triad-confidentiality-integrity-availability\/","title":{"rendered":"CIA Triad (confidentiality, Integrity, Availability)"},"content":{"rendered":"\n

What is CIA?<\/strong>
A model used for designing and evaluating security controls. Think of this as your
foundation in which everything else gets built off of. The Chai article describes the triad as a model
that guides organizational InfoSec policies.
Confidentiality<\/strong>
This is to prevent the unauthorized disclosure of data. Examples include role-based
permissions, file or folder permissions, encryption, or the principle of least privilege.
Integrity
<\/strong>To prevent unauthorized alteration. Ensure the data was sent how it was sent. My favorite
are cryptographic hashes, but others exist like digital signatures or input validation.
Availability<\/strong>
verifies authorized users have access to data or systems when needed. An example would
be DDOS mitigation and how the customer doesn\u2019t have to suffer from preventable things. NIST
defines availability as being accessible upon demand by an authorized entity.
Authentication vs. Authorization<\/strong>
I’m going to break this down in a very simple way because in the beginning it took me a
while to grasp. Authentication is who are you? And authorization is what are you allowed to do.
Authentication can be managed with biometrics, smartcards, tokens or even passwords while
authorization are you basic read, write, execute level accesses.
<\/p>\n\n\n\n

<\/p>\n\n\n\n

Sources<\/p>\n\n\n\n