CIA Triad

What is the CIA Triad? 

The CIA Triad is a framework that combines three key components of information security (confidentiality, integrity, and availability) and is used to guide the creation of security systems and policies. Confidentiality refers to the preservation of authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information (Nieles et al.). An example of this is multi-step authentication for social media accounts. Integrity refers to guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity (3). A digital signature is an example of integrity since it is something that cannot be replicated. Availability ensures timely and reliable access to and use of information (3). Backup and data recovery plans are examples of availability measures (“Availability | Office of Information Security | Washington University in St. Louis”). These three elements are fundamental in developing and maintaining security and privacy regulations. The core of information security is built around the CIA triad.

Authentication v. Authorization 

The main difference between the two terms listed above is that one is used to verify the identity of a user while the other verifies what specific applications, files, and data a user has access to. According to the National Institute of Standards and Technology (NIST), authentication is “the process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system” (CSRC Content Editor). This can present itself in the form of fingerprints, passwords, or facial identification. NIST defines authorization as the process of verifying that a requested action or service is approved for a specific entity. Examples of authorization include file permissions and access to certain networks. The two processes are often used in tandem and are very important aspects of the login process.
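The distinction above, as an added example that is not part of the original post: a request is first authenticated (is this really the user?) and only then authorized (is this action approved for that user?). The user names, passwords, file names and permission table are constructed for illustration, and the 401/403 result labels are borrowed from HTTP as an assumption.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so that stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}

# Constructed sample data (hypothetical users and passwords).
USERS = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("hunter2 battery"),
}

# Authorization data: actions approved per file, per identity (file permissions).
PERMISSIONS = {
    "payroll.xlsx": {"alice": {"read", "write"}},
    "handbook.pdf": {"alice": {"read"}, "bob": {"read"}},
}

def authenticate(username: str, password: str):
    """Authentication: verify the claimed identity; return it, or None."""
    record = USERS.get(username)
    if record is None:
        return None
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, record["hash"]) else None

def authorize(identity: str, resource: str, action: str) -> bool:
    """Authorization: is this action approved for this verified identity?"""
    return action in PERMISSIONS.get(resource, {}).get(identity, set())

def request(username: str, password: str, resource: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 authentication failed"   # identity not proven
    if not authorize(identity, resource, action):
        return "403 not authorized"          # identity proven, action not approved
    return "200 ok"

if __name__ == "__main__":
    print(request("bob", "hunter2 battery", "payroll.xlsx", "read"))
```

Bob's case is the one worth noting: his password is correct, so authentication succeeds, but the request is still refused because the permission table grants him nothing on that file.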

Conclusion

The CIA Triad serves as a foundational framework for information security. The three components, confidentiality, integrity, and availability, are used in conjunction to create and enforce cybersecurity policies that keep sensitive information and data both accessible and secure. Furthermore, understanding the distinction between authorization and authentication is crucial in building efficient security protocols when it comes to identity verification and access control. By integrating all of these concepts, organizations can strive to make a safer digital environment. 

Works Cited

“Availability | Office of Information Security | Washington University in St. Louis.” Informationsecurity.wustl.edu, informationsecurity.wustl.edu/items/availability/.

CSRC Content Editor. “Authentication – Glossary | CSRC.” Csrc.nist.gov, csrc.nist.gov/glossary/term/authentication.

Nieles, Michael, et al. “An Introduction to Information Security.” An Introduction to Information Security, vol. 1, no. 1, June 2017, p. 81, nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf, https://doi.org/10.6028/nist.sp.800-12r1. Accessed 23 Feb. 2025.
