The CIA triad is a security model that focuses on three areas of cyber security and data protection and management. The three key pillars of the CIA triad are confidentiality, integrity, and availability. Confidentiality is the idea that only authorized users and/or processes can access and modify data. For example, a user cannot download an application on a computer without admin permission. Integrity means that data is maintained and cannot be tampered with by people who are not authorized. For example, a purchase on a bank account accurately reflects what was purchased. The last key pillar of the CIA triad is availability, which means that authorized users should always have access to data wherever and whenever needed. For example, if someone wanted to check their bank balance, they could do it from a computer or smartphone 24/7 anywhere on the globe.

Expanding on confidentiality, there is a massive difference between authentication and authorization. Authentication is proving that a person who claims an identity is telling the truth. This can typically be done through a secret code on another device or through biometrics. Authorization is the security practice of using a hierarchy of levels to determine who can read data and who can edit it. For example, when using a desktop computer, some users will not be able to install files without administrator permissions (Fruhlinger, 2020).

A more realistic example of authentication vs. authorization involves money and banking. An example is given by John Spacey on Simplicable.com. He says that when you go up to an ATM and try to pull out money, you use a bank card, and to prove who you are you use a PIN that you created when the account was created. After that, if you try to pull a million dollars out of your account, the system won’t let you, because the authorization system checks and sees that you don’t have the money (Spacey, 2016).
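The ATM scenario above, written out as an added Python example (it is not taken from the cited sources): authentication and authorization are two separate checks with separate failure results. The account record, card number, PIN, amounts, result strings and the three-try lockout are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

MAX_PIN_TRIES = 3  # assumed lockout threshold, not from the cited sources


def _hash_pin(pin, salt):
    # Store a salted, slow hash of the PIN rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_account(card, pin, balance_cents):
    # Constructed sample record standing in for the bank's account database.
    salt = os.urandom(16)
    return {"card": card, "salt": salt, "pin_hash": _hash_pin(pin, salt),
            "balance": balance_cents, "failed": 0}


def authenticate(account, pin):
    """Authentication: does the card holder know the PIN set for this account?"""
    candidate = _hash_pin(pin, account["salt"])
    # Constant-time comparison avoids leaking how much of the hash matched.
    return hmac.compare_digest(candidate, account["pin_hash"])


def authorize_withdrawal(account, amount_cents):
    """Authorization: may this already-authenticated customer take this amount?"""
    return 0 < amount_cents <= account["balance"]


def withdraw(account, pin, amount_cents):
    if account["failed"] >= MAX_PIN_TRIES:
        return "CARD_LOCKED"
    if not authenticate(account, pin):
        account["failed"] += 1          # count wrong PINs toward the lockout
        return "DENIED_AUTHENTICATION"
    account["failed"] = 0               # correct PIN resets the counter
    if not authorize_withdrawal(account, amount_cents):
        return "DENIED_AUTHORIZATION"   # identity proven, request still refused
    account["balance"] -= amount_cents
    return "OK"


if __name__ == "__main__":
    acct = make_account("CARD-0001", "4821", 50_000)   # constructed values
    print(withdraw(acct, "0000", 2_000))         # wrong PIN
    print(withdraw(acct, "4821", 100_000_000))   # a million dollars, in cents
    print(withdraw(acct, "4821", 2_000))         # within balance
```
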
References
Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. CSO Online. Retrieved March 21, 2022, from https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
Spacey, J. (2016, November 25). Authentication vs authorization. Simplicable. Retrieved March 21, 2022, from https://simplicable.com/new/authentication-vs-authorization