The CIA triad is a widely used information security model that guides an organization's efforts and policies for keeping its data secure. Information security rests on three principles: confidentiality, integrity, and availability. Confidentiality means that only authorized users and processes can access or modify data. Integrity means that data is kept in a correct state and that nobody can improperly modify it, whether accidentally or maliciously. Availability means that authorized users can access the data whenever they need to. The triad has no single originator or proponent; it emerged over time as accepted wisdom among information security professionals, and the three concepts were established as foundational by 1998 (Fruhlinger, 2020). The triad matters because it guides the development of an organization's security policies. When evaluating needs and use cases for new products and technologies, it helps organizations ask focused questions about how a product delivers value in each of the three areas: keeping information confidential, preserving the integrity of data, and keeping data available to those who need it. Common methods of ensuring confidentiality include requiring a customer to prove who they are, for example with an account number or routing number together with a password or PIN, before showing account details when banking online, and encrypting data so that it is unreadable to anyone without the key (Chai, 2021).
Authentication confirms that users are who they say they are. It verifies credentials such as passwords, one-time PINs, authenticator apps, and biometrics. The outcome of authentication is visible to the user and partly under the user's control (the user chooses and changes a password or enrolls a device), and proof of identity is carried between systems in ID tokens (Okta, n.d.).
Authorization is the process of granting an authenticated user permission to access a specific resource or function. Examples are allowing someone to download a particular file from a server, or giving individual users administrative access to an application. Permissions are granted or denied through policies maintained by security teams; they are not visible to the user and cannot be changed by the user, and the granted permissions are carried in access tokens (Okta, n.d.). For example, when an employee needs a file at work, authorization determines whether that employee's department is permitted to read department-specific files.
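The following is an added example, not code from the original page or from any of its cited sources. It shows the two steps separately: authenticate() proves identity from a password (stored as a salted PBKDF2 hash) and issues an ID token and an access token, and authorize() checks the department claim in the access token against a file access policy that only the security team edits. Both tokens are signed with an HMAC under a server key, so a user who edits the department claim in their own token fails verification; that failure is the integrity property of the CIA triad enforced on the token. The users, passwords, department names, file paths and the signing key are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Hypothetical server signing key (constructed for this example; a real deployment
# would load a random secret from a key management service, never a literal).
_SERVER_KEY = b"constructed-server-signing-key"


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the clear-text password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _make_user(password: str, department: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "department": department}


# Constructed user store.
USERS = {
    "alice": _make_user("correct horse battery staple", "finance"),
    "bob": _make_user("hunter2", "engineering"),
}

# Constructed authorization policy: which departments may read which files.
# This table is maintained by the security team, not by the users it governs.
FILE_ACL = {
    "finance/q3-forecast.xlsx": {"finance"},
    "engineering/roadmap.md": {"engineering"},
    "handbook.pdf": {"finance", "engineering"},
}


def _sign(claims: dict) -> str:
    # Token = base64url(JSON claims) "." HMAC-SHA256 tag over that body.
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(_SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def _verify(token: str):
    """Return the claims if the tag is valid and the token has not expired, else None."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(_SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("exp", 0) < time.time():
        return None
    return claims


def authenticate(username: str, password: str):
    """Authentication: prove identity. Returns (id_token, access_token) or None on failure."""
    user = USERS.get(username)
    # Hash even for unknown usernames so response time does not reveal which accounts exist.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return None
    exp = time.time() + 3600
    id_token = _sign({"sub": username, "exp": exp})  # who the user is; shown to the client
    access_token = _sign({"sub": username, "dept": user["department"], "exp": exp})  # what they may do
    return id_token, access_token


def authorize(access_token: str, path: str) -> bool:
    """Authorization: decide whether the token holder's department may read `path`."""
    claims = _verify(access_token)
    if claims is None:
        return False
    return claims.get("dept") in FILE_ACL.get(path, set())


def tamper_department(access_token: str, new_dept: str) -> str:
    """What a user who edits their own token can do: change the claim but not recompute the tag."""
    body, _, tag = access_token.rpartition(".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["dept"] = new_dept
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    return f"{body}.{tag}"


if __name__ == "__main__":
    _, token = authenticate("alice", "correct horse battery staple")
    print("alice -> finance file:", authorize(token, "finance/q3-forecast.xlsx"))
    print("alice -> engineering file:", authorize(token, "engineering/roadmap.md"))
    forged = tamper_department(token, "engineering")
    print("forged token -> engineering file:", authorize(forged, "engineering/roadmap.md"))
```

The split mirrors the text: the password check and the ID token answer "who is this?", while FILE_ACL and the access token answer "what may they do?". Note that a valid login does not by itself grant anything; alice authenticates successfully yet is still refused the engineering file, and changing the department claim client-side is caught by the tag check rather than by anything the user can influence.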
References
Okta. (n.d.). Authentication vs. authorization. Retrieved from https://www.okta.com/identity-101/authentication-vs-authorization/
Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. CSO Online. Retrieved from https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
Chai, W. (2021, January 29). What is the CIA triad? Definition, explanation, and examples. TechTarget. Retrieved from https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA