An organization’s cyber security is one of its most important concerns today,
along with protecting intellectual property and guarding against insider threats. To
ensure security, many organizations use the CIA triad as a guide to outline policy,
and use authentication and authorization to protect information. The CIA triad
was created to outline the three most important policies when addressing information
security within organizations: Confidentiality, Integrity, and Availability.
According to Wesley Chai, the triad does not have a single creator (Chai, 2022, p. 6) but
is rather a combination of concepts that have been studied and slowly developed over the
years from many sources.
The three pillars work together to provide organizations with a
trusted framework when creating their own policies and procedures. I like to think of it as
a home. Confidentiality is focused on safeguarding customers’ as well as an organization’s
sensitive information, such as bank account information, Social Security Numbers, or
private medical information, like the doors and blinds of your home giving you privacy
from passersby. A system’s integrity is how safe or protected a system or infrastructure
is; think of it like the lock for your home protecting you and your family. And finally,
availability: this is ensuring the right people have access to the right things, like the
keys to your home or the code to your garage.
In addition to the CIA triad, organizations also use authorization and
authentication to protect private or sensitive information. A user’s authorizations are
often based on the type of role they hold within an organization; for example, you wouldn’t want a
sales associate to have access to the whole company’s payroll information. Authentication
is implemented to ensure a user is who they say they are; some examples are two-factor
authentication, tokens, or PINs. According to Kosinski, “authentication helps
organizations defend user accounts, while authorization helps defend the systems those
accounts can access” (Kosinski, 2026, Authentication vs. Authorization: What’s the
Difference? | IBM).
In conclusion, all these factors work together to safeguard companies’ and their
customers’ information as well as critical infrastructure. The CIA triad is a great guide for
companies, but it is not all-encompassing for every policy or procedure a company may
need. I also expect most organizations to implement new forms of authentication as
cyber attacks become more and more advanced.