What is the CIA Triad?
The CIA Triad is a core concept in cybersecurity, as it ensures the security of systems and the data they hold. Confidentiality is essential to protect the privacy of all data types, including “personal information, public information, confidential information, and sensitive information” (Shea, 2022). Integrity maintains the trustworthiness of the information being accessed and shared. Availability concerns the authorized user's ability to gain access to data, as well as the maintenance of the systems and networks.
Purpose of CIA Triad
The Triad is designed to enhance data security and protect against data breaches. Data security protects against unauthorized access to information, and breaches occur when information is accessed without authorization. When all three concepts of the CIA Triad are met, the company or business is more capable of handling and protecting against breaches such as phishing attacks or accidental leaks.
Concepts of Authentication vs Authorization
Authentication verifies the identity of the person or device used to access information. Authorization is the deciding factor in whether the user is granted permission to use the information. While the two are very different, they work together to ensure that the CIA Triad’s concepts of Confidentiality, Integrity, and Availability are met.
Differences in Authentication and Authorization
Where authentication verifies one’s identity, authorization decides the user’s rights.
- For example, authentication usually begins with entering a username and password into a device or application like Microsoft. The credentials are then checked against an Active Directory, which verifies that you are using the correct password and username. This will then grant you access to the system.
- For authorization, after you log into your Microsoft account, the system checks your account’s permissions to determine what you can access. Permissions are given using role-based authorization: users are assigned different roles that can grant them access to various applications, websites, file locations, etc.
Both authentication and authorization are critical for the system, as they ensure that only authorized users access the system and only the data they are permitted to access.
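The two steps described above can be shown as separate checks in code. The following is an added example, not part of the original essay; the user names, passwords, role names, and permission strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and permissions are illustrative assumptions.
ROLE_PERMISSIONS = {
    "hr_staff": {"read:payroll", "read:directory"},
    "intern": {"read:directory"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; the plaintext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt), "role": role}

USERS = {
    "alice": make_user("correct horse battery", "hr_staff"),
    "bob": make_user("tr0ub4dor&3", "intern"),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the user they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same hash work so unknown usernames are not rejected faster.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(user["pw_hash"], candidate)

def authorize(username: str, permission: str) -> bool:
    """Authorization: does the user's role grant the requested permission?"""
    user = USERS.get(username)
    role = user["role"] if user else None
    return permission in ROLE_PERMISSIONS.get(role, set())  # default deny

def access(username: str, password: str, permission: str) -> str:
    # Identity is verified first; permissions are only checked afterwards.
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, permission):
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(access("alice", "correct horse battery", "read:payroll"))
    print(access("bob", "tr0ub4dor&3", "read:payroll"))
    print(access("bob", "wrong password", "read:directory"))
```

A correctly logged-in user can still be refused: bob authenticates successfully but his role does not include the payroll permission, which is the distinction between the two checks.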
Conclusion
As a result of the CIA Triad, information security systems are better managed and more secure. All three concepts, Confidentiality, Integrity, and Availability, create a more cohesive security protocol, making businesses and companies that follow it better protected.
Citations
Shea, S. (2022, August 11). What is Data Security? The ultimate guide. Security.
https://www.techtarget.com/searchsecurity/Data-security-guide-Everything-you-need-to-know
References
GeeksforGeeks. (2024, July 24). Difference between authentication and authorization.
https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Chai, W. (2022, June 28). What Is the CIA Triad? Definition, Explanation, Examples.
What is the CIA triad and why is it important? Fortinet. (n.d.).
https://www.fortinet.com/resources/cyberglossary/cia-triad