Surprisingly, the CIA triad has nothing at all to do with the U.S. Central Intelligence Agency. The CIA triad are the principles that information security rests upon. As referenced in the CIA triad article by Josh Fruhlinger, CIA is an acronym that stands for confidentiality, integrity, and availability. Confidentiality is used to make sure that only authorized users and processes should be able to access or modify certain data. Integrity is needed to make sure data is being maintained in a correct state and nobody should be able to improperly modify it, either accidentally or maliciously. Lastly, availability is important so that authorized users are able to access data whenever they need to do so.

According to the article, the CIA triad has no exact founder or day when it was created. Rather, it was formed over time as a resource that information security people could refer back to. It is important to think of these pillars of infosec as linked ideas rather than separately. This is because it helps you make sense of the many aspects needed to consider when tackling an information security problem when you are able to break it down using the triad. Also, by putting these three principles together it makes you realize that they can and will be in each other’s way at times.

As described by the Fruhlinger article, Authentication can be described by the use of processes that allow systems to determine if a user is who they say they are by using passwords or even biometrics. Authorization on the other hand is what determines who actually has the authority to access certain information. The key connection to make between them is that authentication is needed beforehand in order to make sure that the person who signs in has the authorization to view certain data.

One way to explain authentication and authorization is that if a new intern is given an account by the company he would enter a password to show his authentication. Except, he would not have the same level of authorization as the head of the company because some company secrets should not be accessible to everyone.