Write up – The CIA Triad

on

Demetrius Brown 

Date : 6/4/2026 

The Cia triad and the difference between authentication and authorization 

Bluff bottom line up front 

The CIA tried to confidentiality and integrity the availability of the foundation of information security . It helps to organize the protection of the sensitive information and ensure that the data remains accurate  and make information accessible to authorized users. Authentication and authorization are also essential security concepts, but they serve different purposes to do the authentication verifies who a user is, while authorization determines what that user is allowed to do.  

The CIA Triad 

The CIA  is a cybersecurity model used to guide information security  policies and practices that consists of the three principles like confidentiality , integrity and availability. (chai 2022).  

Confidentiality 

The confidentiality means to protect the sensitive information from unauthorized access. The organizations use passwords, to encrypt multi –  factor authentication and access the controls to ensure that only authorized individuals can view confidential data. For example, a patient’s medical records should only be accessible to healthcare providers and the patient. 

Integrity 

 integrity refers to maintaining the accuracy and the trustworthiness of data. Information should not be altered by unauthorized users or accidental errors. Organizations use the backups,version control, checksums, and the digital signatures to protect the data integrity of (chi,2022) for example the bank must ensure the account balance cannot be changed without authorization. 

Availability 

The availability that means the information and systems are accessible when authorized users need them. Organizations achieve this through system maintenance, backups, disaster recovery plans, redundancy, and network monitoring. If a company website crashes due to a cyberattack or hardware failure, availability measures up to help restore service quickly – chai 2022.  

Authentication vs. authorization  

Although authentication and authorization are closely related, they have different purposes. 

Authentication – is the process of verifying a user’s identity. It answers the question, “ what are you allowed to do? Authorization.  

Authorization occurs after authentication and determines what resources or actions the user is permitted to access. It answers the question, “What are you allowed to do?” Authorization relies on permissions, roles, and access control policies.

For example 

A student logs into a university portal using their username and password. The system verifies the student’s identity through authentication. Another example is an employee who logs into a company’s network using mulit-factor to authentication After their identity is confirmed, the employee may only access files related to their department, while managers or administrators have broader permissions.

 Conclusion 

In conclusion, what I have taken from this is that the CIA triad provides a lot of the foundation to protect the information systems by emphasizing the confidentiality of the integrity and availability. Of those three principles so that they can work  together to ensure that data remains secure, accurate, and accessible. Authentication and authorization complement the CIA triad by verifying user identities and the controlling access to resources. The understanding these concepts is essential for building strong cybersecurity practices and protecting organizational information. 

Leave a Reply

Your email address will not be published. Required fields are marked *