{"id":295,"date":"2024-12-02T01:31:23","date_gmt":"2024-12-02T01:31:23","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/ellis\/?p=295"},"modified":"2024-12-02T01:31:23","modified_gmt":"2024-12-02T01:31:23","slug":"cia-triad","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/ellis\/2024\/12\/02\/cia-triad\/","title":{"rendered":"CIA TRIAD"},"content":{"rendered":"\n

Using the\u00a0Chai Article\u00a0(Links to an external site.)<\/a>, along with additional research you will conduct on your own, describe the CIA Triad, and the differences between Authentication & Authorization, including an example.<\/p>\n\n\n\n

The CIA Traid <\/strong><\/p>\n\n\n\n

The CIA triad is confidentiality, integrity, and availability. The three make up a triangle, with each tip representing confidentiality, integrity, and availability. \u201cInformation can be considered the most important asset of any modern organization. Securing this information involves preserving confidentially, integrity, and availability\u2014the well-known CIA triad\u201d (de Oliveira Albuquerque, 2014, p. 1). This system helps keep information safe, but we will see that no matter how well applied or how much money is invested into the program, there is always a risk.<\/p>\n\n\n\n

Confidentiality<\/strong><\/p>\n\n\n\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Confidentiality is protecting data by ensuring that only authorized people have access to the data. The company is responsible for ensuring the requirements for their privacy. \u201cConfidentiality requirements refer to a situation whereby only the senders and the recipients of packets can access transmitted data among nodes, i.e., sensitive data should be protected from unauthorized accesses\u201d (Adefemi et al., 2020, p. 7). Many times, we see compromised keys or eavesdropping here to gain access.<\/p>\n\n\n\n

Integrity<\/strong><\/p>\n\n\n\n

            Integrity is keeping the data trustworthy, kept from being destroyed, or maybe even modified. \u201cData integrity refers to the preservation of network data accuracy, completeness, and reliability\u201d (Kumar, 2014, p. 26). In my work, we don\u2019t want information that was sent to another group to be modified or altered. It would have deadly consequences.<\/p>\n\n\n\n

Availability<\/strong><\/p>\n\n\n\n

Lastly, availability is important. There could be nothing worse than users of the system not having access to the system. This could cause harm to the customers and\/or people who need information or services. As we all know, time is money.<\/p>\n\n\n\n

AUTHENTICATION & AUTHORIZATION<\/u><\/strong><\/p>\n\n\n\n

Authentication<\/strong><\/p>\n\n\n\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/strong>Authentication is the method we use to verify your identity. My favorite is two-factor authentication. In the shipyard, we use two-factor authentication. I must swipe my Command Access Card, and then enter my 6-digit PIN. Another type of two-factor authentication is when you use the atm and enter your PIN, or when you call your bank, and they send you a text with a PIN that you must verify. While this method is used, it is not always safe. For example, an unlocked iPhone could allow someone who stole it to access your accounts and then get the PIN sent to your phone. Authentication allows you to prove your identity to access systems, networks, or some type of device. It allows companies to have some type of protection against cybercriminals. Today, criminals are two steps ahead of new scams and technology. Verizon uses my voice as my password when I call. Today with AI, I\u2019m wondering how safe it is. Biometrics aren\u2019t even safe in today\u2019s technology.<\/p>\n\n\n\n

Authorization<\/strong><\/p>\n\n\n\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u201cThis is the process of providing access to particular information or a system to a party based on their identity. After going through the authorization process, one is allowed to have access to some or all of the data in a specific environment or system\u201d (de Oliveira Albuquerque, 2014, p. 22760). It\u2019s important for those who set this up to ensure that everyone is assigned roles. For example, I pay people at work, and only a few people have access to that database. Then few people have other types of access. For example, I can go and change pay up to a year ago. Anything after that, I must submit a case to a higher level to fix. For example, Snowden was given access to files he didn\u2019t need. At my work, if you call to have your computer worked on, we are not allowed to have any emails, and\/or databases, or classified material open. Before an IT employee can remotely log in, they must verify that no material is opened. So even though they have authentication to the computer, they do not have authorization to the data we do.<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/strong>Our advisories are always two steps ahead of us. The CIA triad is a way to keep information safe. It will help organizations to get policies to keep their information safe. Today\u2019s world is full of information on people who want to use information to harm others or take advantage of them. By using the confidentiality, integrity, and availability of the CIA triad organization can create another tool to use.<\/p>\n\n\n\n

References<\/p>\n\n\n\n

Adefemi Alimi, K. O., Ouahada, K., Abu-Mahfouz, A. M., & Rimer, S. (2020). A Survey on the<\/p>\n\n\n\n

Security of Low Power Wide Area Networks: Threats, Challenges, and Potential Solutions. Sensors (14248220)<\/em>, 20<\/em>(20), 5800. https:\/\/doi-org.proxy.lib.odu.edu\/10.3390\/s20205800<\/p>\n\n\n\n

de Oliveira Albuquerque, R., Garc\u00eda Villalba, L. J., Sandoval Orozco, A. L., Buiati, F., & Tai-<\/p>\n\n\n\n

Hoon Kim. (2014). A Layered Trust Information Security Architecture. Sensors (14248220)<\/em>, 14<\/em>(12), 22754\u201322772. https:\/\/doi-org.proxy.lib.odu.edu\/10.3390\/s141222754<\/a><\/p>\n\n\n\n

Kumar, G.; Kaur, A.; Sethi, S. Computer network attacks-a study. Int. J. Comput. Sci. Mo Appl. 2014, 2, 24\u201332.<\/p>\n","protected":false},"excerpt":{"rendered":"

Using the\u00a0Chai Article\u00a0(Links to an external site.), along with additional research you will conduct on your own, describe the CIA Triad, and the differences between Authentication & Authorization, including an example. The CIA Traid The CIA triad is confidentiality, integrity, and availability. The three make up a triangle, with each tip representing confidentiality, integrity, and… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":29608,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/posts\/295"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/users\/29608"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"predecessor-version":[{"id":296,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/posts\/295\/revisions\/296"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ellis\/wp-json\/wp\/v2\/tags?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}