Not to be confused with the Central Intelligence Agency, the CIA Triad is based on the principles of confidentiality, integrity, and availability. These concepts intertwine to form the foundations of cybersecurity. With these three principles, organizations have a proper framework for implementing security policies, and a guide for building and improving systems and technologies with all three in mind.
The Acronym Explained
As previously mentioned, CIA stands for confidentiality, integrity, and availability. In this context, confidentiality means protecting sensitive and private information from unauthorized users. Integrity encompasses being trustworthy, honest, and reliable. Data should arrive at its destination exactly as it was when it departed. With integrity, data is prevented from being altered by any unauthorized persons. Finally, the availability principle ensures that those who are authorized can readily access information. The CIA Triad holds so much importance because it builds a foundation for how organizations should operate when developing and upgrading their security policies and software.
Authentication vs Authorization: What’s the Difference?
Although similar in some aspects, authentication and authorization are two different things. Authentication confirms that a person is who they say they are. For example, if I were logging into my Google account from a different computer than the one I usually use, Google would send me an email asking if the person signing in was really me. This email would be an example of authentication. In contrast, authorization is the process of determining what privileges the person logging in has. So, for example, if I were logging into Canvas, the authorization process would recognize me as a student and therefore grant me only the privileges that a student would have. If it weren’t for this process, I could access my courses and change my grade or the assignments and due dates in the same way that a professor could. According to Curity.IO, effective authentication and authorization methods ensure the security of user data and prevent data from being accessed without authorization.
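The student and professor scenario above, written out as an added example that is not taken from Canvas, Google, or either cited source. The user names, passwords, role names, permission names, and status strings are all constructed for illustration. It shows the two checks as separate steps: a correct password proves identity, but the role still decides whether the action is allowed.

```python
import hashlib
import hmac
import os

# Constructed sample data: hypothetical roles and permissions modelled on
# the student/professor example in the text.
ROLE_PERMISSIONS = {
    "student": {"view_course", "submit_assignment"},
    "professor": {"view_course", "submit_assignment", "edit_grade", "edit_due_date"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)  # unique random salt per user
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt)}

# Constructed accounts (hypothetical names and passwords).
USERS = {
    "alice": make_user("student", "correct horse battery"),
    "drbob": make_user("professor", "tenure-track-42"),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this person who they say they are?"""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, user["pw_hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: may this already-authenticated user do this action?"""
    role = USERS[username]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def request(username: str, password: str, action: str) -> str:
    # Identity is checked first; privileges are only evaluated afterwards.
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, action):
        return "403 not authorized"
    return "200 ok"
```

A student with the right password gets "403 not authorized" when requesting `edit_grade`, while a wrong password for any account gets "401 not authenticated" before permissions are ever consulted.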
Conclusion
In summary, the CIA Triad can be described as the backbone of an organization’s cybersecurity. The principles of confidentiality, integrity, and availability work together to ensure an organization has the proper framework to maintain and upgrade an efficient security system that protects its users as well as its products and sensitive information. While similar, authorization and authentication are two separate concepts that work together to protect users’ identities as well as the data being accessed. Before a user can be authorized, their identity must be authenticated, whether through a username and password, a security code, or a hardware device. The CIA Triad, combined with authorization and authentication methods, provides protection and security for an organization along with its employees and assets.
References
Chai, W. (2023, February 10). What is the CIA triad? Definition, explanation, examples. TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
Curity. (2022, December 21). Authentication vs. authorization: What’s the difference? https://curity.io/resources/learn/authentication-vs-authorization/