The CIA Triad

Most organizations use the CIA Triad as a foundational concept to create and execute efficient security systems. It is made up of three basic elements that are necessary for safeguarding sensitive data: confidentiality, integrity, and availability. However, these components are frequently misunderstood or confused for one another. 

CIA Triad

The CIA Triad is a model designed to guide policies for information security within an organization (Chai, 2022). The model consists of three principles: confidentiality, integrity, and availability. It is widely used to help organizations secure their systems and data. Considering these three principles together within the triad framework guides the development of security policies for organizations. When evaluating needs and use cases for potential new products and technologies, the triad helps organizations ask focused questions about how value is being provided in those three key areas (Hashemi-Pour, 2023).

Authentication vs. Authorization

Authentication and authorization sound very similar, but they are very different in terms of cybersecurity. The two serve different purposes in the process of granting access to systems and resources. Authentication verifies a user’s identity. Authorization gives the user the right level of access to system resources (Kosinski, 2024). Confirming the identity of a user, device, or system is known as authentication. It guarantees that the person or thing trying to use a resource is indeed who or what it says it is. Authorization, by contrast, establishes the rights or privileges granted to an authenticated entity, defining the resources it may access and the actions it is permitted to take. Resources and apps can each have their own authentication methods. When logging into my ODU account I use Duo authentication, which is different from the authentication I use when accessing my bank account. In authorization, user permissions are usually defined by administrators and security leaders and later enforced by authorization systems. Example of authentication vs. authorization: Authentication: using my banking app, I enter my username and password, and my bank then sends me a text message with a one-time-use code to verify that it is me. Authorization: after I log into my account, the bank decides what I’m allowed to do within the app.
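The banking example above can be sketched in code. This is an added illustration, not part of the original essay or any bank's system; the user record, role names, permission names, and function names are all constructed assumptions.

```python
import hashlib, hmac, secrets, time

def hash_password(password, salt):
    # Slow, salted hash so stored passwords are never kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample data (hypothetical user, roles and permissions).
SALT = secrets.token_bytes(16)
USERS = {"alice": {"salt": SALT, "role": "customer",
                   "pw_hash": hash_password("correct horse", SALT)}}
ROLE_PERMISSIONS = {"customer": {"view_balance", "transfer_own_funds"},
                    "auditor": {"view_balance", "view_all_transactions"}}
PENDING_CODES = {}  # username -> (code, expiry timestamp)

def issue_code(username, now=None, ttl=300):
    """Create the one-time code the bank would text to the user."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    PENDING_CODES[username] = (code, now + ttl)
    return code

def authenticate(username, password, code, now=None):
    """Authentication: prove identity with password plus one-time code."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    pending = PENDING_CODES.pop(username, None)  # single use, even on failure
    if user is None or pending is None:
        return None
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    code_ok = (hmac.compare_digest(code.encode(), pending[0].encode())
               and now <= pending[1])
    if not (pw_ok and code_ok):
        return None  # same answer for every failure reason
    return {"user": username, "role": user["role"]}

def authorize(session, action):
    """Authorization: decide what an authenticated identity may do."""
    if session is None:
        return False  # unauthenticated callers get nothing
    # Deny by default: only actions listed for the role are allowed.
    return action in ROLE_PERMISSIONS.get(session["role"], set())
```

A successful `authenticate` call only establishes who the caller is; every later action still has to pass `authorize`, which is where the administrator-defined permissions are enforced.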

Conclusion

In conclusion, the CIA triad is a major model used within most organizations to develop security systems. It has three components that most individuals confuse with one another.

References 

Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. PDF. Retrieved February 17, 2025, from https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view

CIA triad. (n.d.). Fortinet. Retrieved February 22, 2025, from https://www.fortinet.com/resources/cyberglossary/cia-triad.

Hashemi-Pour, C. (2023, December). Confidentiality, integrity, and availability (CIA). TechTarget. Retrieved February 22, 2025, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA.

Kosinski, M. (2024, December 2). Authentication vs. authorization: What’s the difference? IBM. Retrieved February 22, 2025, from https://www.ibm.com/think/topics/authentication-vs-authorization
