What is the CIA Triad?
The CIA Triad
The CIA Triad is a model used to guide information security rules and policies. Developed over many years, with roots as early as the 1970s, the triad consists of confidentiality, integrity and availability (Chai 2022).
Confidentiality
The confidentiality component of the triad refers to the protection of information and the rules that limit who has access to it; it is also often referred to as privacy. Confidentiality means information is kept behind closed doors and made available only to those who have both a need to know and clearance for that information. Certain guidelines and rules need to be put in place to keep that information confidential (Chai 2022). Policies, multi-factor authentication and encryption can be used to ensure confidentiality (Fortinet).
Integrity
Integrity is keeping data and information safe from corruption and in its original form. It requires protection from accidental or unauthorized deletion, modification, and corruption (SailPoint). To keep its integrity, data must remain authentic and accurate: no outside or unauthorized users have touched it, and it is unchanged from the original. Hashing, digital certificates and encryption can be used to ensure the integrity of data and information (Fortinet).
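As an added example (not part of the original essay or its sources), the following Python code shows the hashing approach mentioned above in working form. The sample record and the key are constructed for the demonstration. A plain hash detects accidental corruption, but anyone who can modify the data can also recompute the hash; a keyed hash (HMAC) additionally ties the check to a secret key, so an unauthorized change is detected even when the attacker knows the hashing algorithm.

```python
import hashlib
import hmac

# Constructed sample record whose integrity we want to protect.
RECORD = b"account=1234;balance=100.00"

# Constructed key for the demonstration; a real system would load it from a
# secrets manager, never embed it in source.
KEY = b"constructed-demo-key-do-not-reuse"


def plain_hash(data: bytes) -> str:
    """Unkeyed SHA-256 digest: catches accidental corruption only."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag: catches corruption AND unauthorized modification,
    because recomputing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(sign(data, key), tag)


def check_stored_record(stored: bytes, stored_tag: str) -> str:
    """Classify a record read back from storage against the tag saved with it."""
    if verify(stored, stored_tag, KEY):
        return "intact"
    return "modified or corrupted"


if __name__ == "__main__":
    tag = sign(RECORD, KEY)
    print("original:", check_stored_record(RECORD, tag))

    # Simulated unauthorized edit: the balance is changed after the tag was made.
    tampered = b"account=1234;balance=999.00"
    print("tampered:", check_stored_record(tampered, tag))

    # A plain hash changes too, but the editor could simply recompute it,
    # so on its own it does not prove the data is still the original.
    print("plain hash differs:", plain_hash(RECORD) != plain_hash(tampered))
```

The `compare_digest` call matters: a naive `==` on the tag strings can leak, byte by byte, how much of a forged tag is correct.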
Availability
The availability component refers to how readily accessible the information is to authorized persons. This component has several requirements: the databases that contain the information must be updated and running properly, the information must be where it belongs, and authorized users must have easy access to the database to retrieve it (Chai 2022). Systems and databases must be functioning correctly to be available. Networks, servers and applications can be used to ensure availability (Fortinet).
Authorization
Authorization determines which users and personnel have access, and the ‘authority’, to reach specific information and data. It is the process in which a user is given the permission needed to access confidential information. It also determines the access level that user has, and therefore what they can reach with that clearance (Fortinet).
Example: When you go to a concert, you must have a ticket to show you have the authorization to enter the venue and concert. When you book a flight, you are given a boarding pass, you must show this boarding pass at the gate to prove you have authorization to board the plane.
Authentication
Authentication can be equated with verification; it is the process of verifying that someone is who they say they are. Their identity is usually verified by some sort of authentication process or system before they can access information (Fortinet).
Example: When you go through security at a government building, or even through TSA at airport security, you are required to show a government-issued ID. This verifies and authenticates your identity, proving that you are who you say you are.
Authorization vs. Authentication
While the line between the two may get blurred because of their similar names and similar processes, they are different processes and work differently in a system. Authentication is the first step, proving the user’s identity before they can even begin to attempt to access any sort of information. Once their identity has been verified and authentication has gone through, they move on to authorization and can attempt to access the information based on their authorization level (Fortinet).
The examples stated under authorization and authentication work together: you must authenticate your identity through airport security first, then you must show your boarding pass to prove you have authorization to board the flight. They work hand in hand, but authentication must come first in order to allow an attempt at authorization.
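As an added example (not from the original essay or the Fortinet source), the following Python code implements the two-step flow described above: a request is first authenticated, and only then is it authorized against the user's clearance level. The users, passwords, documents and clearance levels are constructed for the demonstration; the password hashing uses PBKDF2 from the standard library, and the `read_document` helper is a hypothetical name chosen here.

```python
import hashlib
import hmac
import secrets

# Constructed clearance levels, ordered from least to most sensitive.
CLEARANCE = {"public": 0, "internal": 1, "confidential": 2}

# Constructed document labels: which clearance each document requires.
DOCUMENTS = {
    "press-release.txt": "public",
    "roadmap.txt": "internal",
    "payroll.csv": "confidential",
}

PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = bytes(16)  # used so unknown users cost the same time as known ones


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the stored value cannot be reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, level: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt), "level": level}


# Constructed user store: username -> salted hash and clearance level.
USERS = {
    "alice": make_user("correct horse battery staple", "confidential"),
    "bob": make_user("hunter2", "internal"),
}


def authenticate(username: str, password: str) -> bool:
    """Step 1: prove the caller is who they claim to be."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, DUMMY_SALT)  # keep timing uniform, then reject
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])


def authorize(username: str, document: str) -> bool:
    """Step 2: given a verified identity, decide whether it may see the document."""
    required = DOCUMENTS.get(document)
    if required is None:
        return False  # unknown document: deny by default
    return CLEARANCE[USERS[username]["level"]] >= CLEARANCE[required]


def read_document(username: str, password: str, document: str) -> str:
    """Authentication always runs first; authorization is never consulted
    for a caller whose identity has not been verified."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, document):
        return "denied: not authorized"
    return f"ok: {document}"


if __name__ == "__main__":
    print(read_document("alice", "correct horse battery staple", "payroll.csv"))
    print(read_document("bob", "hunter2", "payroll.csv"))
    print(read_document("bob", "wrong-password", "press-release.txt"))
```

Note that a wrong password is rejected before the document's clearance is ever looked at, which is the ordering the essay describes: the boarding pass is only checked once the ID has been verified.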
References
Authentication vs. authorization: Key differences. Fortinet. (n.d.-a). https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization
Chai, W. (2022, June 28). What is the CIA triad?: Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
CIA triad: Confidentiality, integrity, and availability. SailPoint. (n.d.). https://www.sailpoint.com/identity-library/cia-triad#
What is the CIA triad and why is it important? Fortinet. (n.d.-b). https://www.fortinet.com/resources/cyberglossary/cia-triad#:~:text=Availability,-Even%20if%20data&text=This%20means%20that%20systems%2C%20networks,an%20inordinate%20amount%20of%20time.