Confidentiality, integrity, and availability- the model guide for information security policies. In this triad authorization and authentication are in relation, authentication is verification, and authorization is the privileges granted to the verified.

Identifying The CIA Triad

• Confidentiality is an equivalent to privacy; confidentiality is designed to prevent sensitive from unauthorized sources. This is how a company usually protects its data, more importantly, user data.
• While integrity is basically how trustworthy a company is with data. Data must be consistent and not altered to maintain good consistency, which is how integrity is determined.
• The end of the triad is availability, which means the information should be accessible to authorized parties consistently. This is usually seen/displayed by a company’s ability to maintain hardware and manage their systems and operations that display/hold information.

How it is used.

The CIA triad is a good model for how authorization and authentication should be managed. As the two processes might easily be misunderstood, due to their close relationship. It is good to know that even though the two are in relation, they are not similar.

Think of authentication, it verifies identity, while authorization determines access to privileges. For example, imagine you were at a club; authentication is showing your ID to the bouncer. The bouncer confirms who you are when doing this. Authorization in this scenario determines whether you can access certain areas within the club, for example, a VIP section. Without being authorized to be within the VIP section, you aren’t granted the privilege to be within it.

The CIA triad is a model designed for computer safety and gives the relation between authentication and authorization, while maintaining their differences.