The CIA Triad is crucial for all organizations to use for protection and security. The three components of the CIA triad work together to provide much needed information security. Authentication and authorization work together to protect important information.
What Is The CIA Triad
The CIA triad is made up of three parts, confidentiality, integrity, and availability. All three of those components work together to compose a system. The CIA Triad provides many benefits to organizations such as data security and privacy, compliance, proactive risk prevention, and comprehensiveness (Hashemi-Pour & Chai, 2023). An organization’s security procedures for information can be guided by the CIA triad model. Each part of the CIA triad plays an important role in information security. There are also some concerns when it comes to using the CIA triad model. Some problems that may come up are large data volumes, data stewardship and governance, internet of things security and privacy, and security in product development (Hashemi-Pour & Chai, 2023).
Confidentiality, Integrity, Availability
Confidentiality refers to the protection an organization has for its information and who can have access to it. The Journal of Information Security System says, “Confidentiality is a primary tenet of information security which has its roots grounded in the military mindset of maintaining a top down authority and control over those that have access to information, on a need to know basis” (Samonas & Coss, 2014). Some examples of confidentiality measures include data inscription, two factor authentication, and biometric verification. The integrity part of the CIA triad is about the trustworthiness of the information. Organizations can take certain measures to protect the trustworthiness of their information by using things such as access controls or file permissions. Hashemi-Pour & Chai (2023) mentions that, “Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem.” Availability is all about ensuring that the information is easily available to the proper users when needed. You can assure this by keeping up with the systems, hardware, and technical infrastructure that store and show the data (Hashemi-Pour & Chai, 2023).
Authentication and Authorization
Authentication and authorization are two different types of security measures, however, they work together hand in hand to make sure that only people with permission can access resources and systems. Authentication is what comes before authorization. Authentication is used to verify who a person is. Once a person is authentified they then have specific authorization. Authorization refers to what a person can access. One example of this process could be seen when you log in for online banking. The authentication part would be you providing a username and password or facial recognition. Then the authorization part would be the information you are allowed to access such as your account information or a bank statement after you put in the correct authentication information.
Conclusion
The three components of the CIA triad, confidentiality, integrity, and availability, work together to provide important information security to organizations. There are many ways that each component can be implemented and used by the organization. Authentication and authorization also work together to provide information security by verifying a users identity (authentication) and what they can access (authorization). We can see how important all of these factors are for protecting information for users and organizations.
References
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad (confidentiality, integrity and availability)?. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
Samonas, S., & Coss, D. (2014). The CIA strikes back: Redefining confidentiality, integrity, and availability in security. Journal of Information System Security, 10(3), 21–45. https://www.proso.com/dl/Samonas.pdf