Confidentiality, integrity, and availability – colloquially known as the CIA triad – together
with authentication and authorization make up the foundation of information security. This
guidance helps organizations formulate security plans, policies, and procedures that enable them
to protect their customers' information as well as their own networks. Confidentiality,
which is typically stated first in the CIA triad, means keeping information out of the control or
view of anyone who does not have authorized access. The second, integrity, means that
information or data shall not be altered – whether it is at rest or in transit. This is often
enforced through version control, read-only documents or files, cryptography (for example
integrity tags over stored or transmitted data), logs, and other means. Lastly, availability means
that the information is readily accessible to authorized users. The CIA triad is not exhaustive;
other controls, such as authentication and authorization, strengthen it.
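The integrity property above can be demonstrated in code. The following is an added example, not part of the original essay: it attaches a keyed HMAC-SHA256 tag to a record (data at rest or about to go in transit) and later checks the tag, so that any alteration of the record, or a tag computed with the wrong key, is detected. The record, the key, and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed key for this example only; a real system loads it from a secrets store
# and never ships it alongside the data it protects.
INTEGRITY_KEY = b"example-integrity-key-not-for-production"


def _canonical(record: dict) -> bytes:
    """Serialize a record deterministically so the same content always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Attach an HMAC-SHA256 tag to a record before storing or transmitting it."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(sealed: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag and compare in constant time; False means the record was altered
    (or the tag was produced with a different key)."""
    expected = hmac.new(key, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def tamper_check() -> tuple:
    """Seal a constructed record, then alter one field and show the check fails."""
    sealed = seal({"student_id": 1001, "course": "CYSE-101", "grade": "B"})
    altered = {"record": dict(sealed["record"], grade="A"), "tag": sealed["tag"]}
    return verify(sealed), verify(altered)


if __name__ == "__main__":
    ok, tampered_ok = tamper_check()
    print("original verifies:", ok)        # True
    print("altered verifies:", tampered_ok)  # False
```

A plain hash such as SHA-256 on its own would not serve here: whoever can rewrite the record can also rewrite the hash. The key is what ties the tag to the party that sealed the data, which is why integrity controls based on cryptography use a MAC or a digital signature rather than an unkeyed digest.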
Authentication and Authorization
Authentication is a way to verify that somebody is, in fact, who they claim to be. The
proof can be something you are, something you know, or something you have; examples are
biometrics (something you are), a password (something you know), and an RSA token
(something you have). While authentication proves who an individual is, authorization determines what permissions that individual holds. As GeeksforGeeks (2023) put it, “In
the authentication process, the identity of users is checked for providing the access to the system.
While in the authorization process, the user’s authorities are checked for accessing the
resources.” These controls alone will not keep users and organizations safe, but they supplement
the CIA triad and, in conjunction with one another, provide a safer cyber environment for
everyone.
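The two steps described above are separate checks, and keeping them separate is the point. The following is an added example, not code from the original essay or from GeeksforGeeks: authentication verifies a password against a salted PBKDF2 hash (something you know), and authorization then checks whether the authenticated user's roles grant the requested action. A user can pass the first check and still fail the second. The user store, roles, passwords, and action names are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Iteration count kept modest so the example runs quickly; production deployments use
# the highest count their latency budget allows.
ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(username: str, password: str, roles) -> dict:
    """Store only a salted hash of the password, never the password itself."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": _hash_password(password, salt), "roles": set(roles)}


# Constructed user store for the example.
USERS = {
    "alice": make_user("alice", "correct horse battery staple", {"student"}),
    "bob": make_user("bob", "registrar-passphrase-example", {"student", "registrar"}),
}

# Constructed permission table: which roles may perform which action.
PERMISSIONS = {
    "view_grades": {"student", "registrar"},
    "edit_grades": {"registrar"},
}


def authenticate(username: str, password: str):
    """Authentication: is the caller who they claim to be? Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown users so timing does not reveal
        # which usernames exist.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, user["salt"])
    if hmac.compare_digest(candidate, user["hash"]):
        return username
    return None


def authorize(username: str, action: str) -> bool:
    """Authorization: does an already-authenticated user hold a role that permits the action?"""
    user = USERS.get(username)
    if user is None:
        return False
    return bool(user["roles"] & PERMISSIONS.get(action, set()))


def request(username: str, password: str, action: str) -> str:
    """Run both checks in order and report which one, if any, rejected the request."""
    who = authenticate(username, password)
    if who is None:
        return "401 authentication failed"
    if not authorize(who, action):
        return "403 authenticated but not authorized"
    return f"200 {who} may {action}"


if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "view_grades"))  # 200
    print(request("alice", "correct horse battery staple", "edit_grades"))  # 403
    print(request("alice", "wrong password", "view_grades"))               # 401
```

The 403 case is the one to notice: alice's identity is established, yet the request is refused because the permission check is a different question from the identity check. Systems that conflate the two (treating "logged in" as "allowed") are where authorization bugs come from.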
Example of the CIA Triad
ODU offers a good example of the CIA triad working together with authentication and authorization. The
school enforces confidentiality through user access control on its portals. Not just anyone on the
internet is able to get onto ODU’s student dashboard. One must first have an account with the
school, which is controlled by the system administrators and is only issued once a student is accepted into
the university. ODU then authenticates users with Duo Mobile 2FA – something
you have. Integrity is supported through the use of password-protected accounts. If you do not
have authorization to view or manipulate something, then you will not have access to the
protected information. Lastly, ODU achieves availability through the use of cloud services such
as Google Drive. This enables the university to host information on multiple platforms and on
different, geographically separated servers.
Conclusion
The CIA triad, authentication, and authorization are a strong foundation for establishing a
secure cyber environment. These building blocks give organizations a starting point and serve as
a guide to protecting their networks and their customers’ information. While these principles are
useful, technology grows at a rapid pace, and with the advent of AI we are going to have to
adapt these principles in ways that make our networks stronger and more resilient to
change.
REFERENCE:
GeeksforGeeks. (2023). Difference between Authentication and Authorization. GeeksforGeeks.
https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/