Using the Chai Article, along with additional research you will conduct on your own, describe the CIA Triad, and the differences between Authentication & Authorization, including an example.
The CIA Triad
The CIA triad is confidentiality, integrity, and availability. The three make up a triangle, with each tip representing one of the three principles. “Information can be considered the most important asset of any modern organization. Securing this information involves preserving confidentiality, integrity, and availability—the well-known CIA triad” (de Oliveira Albuquerque, 2014, p. 1). This system helps keep information safe, but we will see that no matter how well it is applied or how much money is invested in the program, there is always a risk.
Confidentiality
Confidentiality is protecting data by ensuring that only authorized people have access to it. The company is responsible for ensuring that its privacy requirements are met. “Confidentiality requirements refer to a situation whereby only the senders and the recipients of packets can access transmitted data among nodes, i.e., sensitive data should be protected from unauthorized accesses” (Adefemi et al., 2020, p. 7). Attacks on confidentiality often use compromised keys or eavesdropping to gain access.
Integrity
Integrity is keeping the data trustworthy by protecting it from being destroyed or modified. “Data integrity refers to the preservation of network data accuracy, completeness, and reliability” (Kumar, 2014, p. 26). In my work, we don’t want information that was sent to another group to be modified or altered. It would have deadly consequences.
Availability
Lastly, availability is important. There could be nothing worse than users of the system not having access to the system. This could cause harm to the customers and/or people who need information or services. As we all know, time is money.
Authentication & Authorization
Authentication
Authentication is the method we use to verify your identity. My favorite is two-factor authentication. In the shipyard, we use two-factor authentication. I must swipe my Command Access Card, and then enter my 6-digit PIN. Another type of two-factor authentication is when you use the ATM and enter your PIN, or when you call your bank, and they send you a text with a PIN that you must verify. While this method is used, it is not always safe. For example, an unlocked iPhone could allow someone who stole it to access your accounts and then get the PIN sent to your phone. Authentication allows you to prove your identity to access systems, networks, or some type of device. It allows companies to have some type of protection against cybercriminals. Today, criminals are two steps ahead of new scams and technology. Verizon uses my voice as my password when I call. Today with AI, I’m wondering how safe it is. Biometrics aren’t even safe in today’s technology.
Authorization
“This is the process of providing access to particular information or a system to a party based on their identity. After going through the authorization process, one is allowed to have access to some or all of the data in a specific environment or system” (de Oliveira Albuquerque, 2014, p. 22760). It’s important for those who set this up to ensure that everyone is assigned roles. For example, I pay people at work, and only a few people have access to that database. Then a few people have other types of access. For example, I can go and change pay up to a year ago. Anything after that, I must submit a case to a higher level to fix. For example, Snowden was given access to files he didn’t need. At my work, if you call to have your computer worked on, we are not allowed to have any emails, databases, or classified material open. Before an IT employee can remotely log in, they must verify that no material is open. So even though they have authentication to the computer, they do not have authorization to the data we do.
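The split described above can be shown in code. This is an added example, not part of the original essay: the card IDs, PINs, role names and the `authenticate`/`authorize` functions are constructed for illustration. Authentication checks two factors (card plus PIN); authorization is a separate, default-deny decision that applies the role and the one-year pay-correction limit.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a slow salted hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _user(name, pin, roles):
    salt = os.urandom(16)
    return {"name": name, "salt": salt, "pin": _pin_hash(pin, salt), "roles": roles}

# Constructed sample directory: every card ID, PIN and role here is hypothetical.
USERS = {
    "card-1001": _user("payroll_clerk", "482913", {"payroll"}),
    "card-2002": _user("it_support", "775301", {"remote_admin"}),
}
LOOKBACK = timedelta(days=365)  # pay corrections older than this go to a higher level

def authenticate(card_id: str, pin: str):
    """Authentication: prove who you are with two factors (card + PIN)."""
    user = USERS.get(card_id)
    if user is None:
        return None
    candidate = _pin_hash(pin, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(user["pin"], candidate) else None

def authorize(user, action: str, pay_date: date = None, today: date = None) -> str:
    """Authorization: decide what an already-identified user may do."""
    if user is None:
        return "DENY"
    if action == "remote_login":
        return "ALLOW" if "remote_admin" in user["roles"] else "DENY"
    if action == "change_pay":
        if "payroll" not in user["roles"] or pay_date is None:
            return "DENY"
        today = today or date.today()
        return "ESCALATE" if today - pay_date > LOOKBACK else "ALLOW"
    return "DENY"  # default deny: unknown actions are never permitted
```

The IT support account authenticates successfully and may log in remotely, yet `authorize` still returns `DENY` for `change_pay`, which is the distinction the paragraph draws.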
Conclusion
Our adversaries are always two steps ahead of us. The CIA triad is a way to keep information safe. It will help organizations to get policies to keep their information safe. Today’s world is full of people who want to use information to harm others or take advantage of them. By using the confidentiality, integrity, and availability of the CIA triad, organizations can create another tool to use.
References
Adefemi Alimi, K. O., Ouahada, K., Abu-Mahfouz, A. M., & Rimer, S. (2020). A Survey on the Security of Low Power Wide Area Networks: Threats, Challenges, and Potential Solutions. Sensors (14248220), 20(20), 5800. https://doi-org.proxy.lib.odu.edu/10.3390/s20205800
de Oliveira Albuquerque, R., García Villalba, L. J., Sandoval Orozco, A. L., Buiati, F., & Tai-Hoon Kim. (2014). A Layered Trust Information Security Architecture. Sensors (14248220), 14(12), 22754–22772. https://doi-org.proxy.lib.odu.edu/10.3390/s141222754
Kumar, G., Kaur, A., & Sethi, S. (2014). Computer network attacks-a study. Int. J. Comput. Sci. Mob. Appl., 2, 24–32.