What is the CIA Triad?
The CIA Triad is a model designed to protect policies in an organization. It stands for Confidentiality, Integrity and Availability. According to an article describing the CIA Triad, it is often referred to as the “AIC Triad” to avoid confusion with the Central Intelligence Agency (Chai). It is a fundamental part of information security and cybersecurity. The three principles the CIA Triad represents ensure that an organization’s data is protected and reliable through authentication and authorization.
The Three Principles
Confidentiality – which essentially means privacy – is the first principle of the CIA Triad. It ensures that no unauthorized users are able to gain access to data. According to Wesley Chai, “It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands” (Chai). While this practice is not required, it gives a better understanding of which pieces of data are most important to protect, and of what could happen if they are not properly protected.
Integrity is the second principle of the CIA Triad. Integrity means maintaining the accuracy and consistency of data over its life cycle. It is common knowledge that “Data can not be altered in transit” (Chai). Unauthorized users are unable to change the data of a file. The integrity of a file ensures that none of its contents were tampered with or modified by an unauthorized user. Checksums and hashing are often used to detect any changes in data.
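As an added example (not part of the original article), the sketch below shows how hashing can detect the changes described above by comparing current data against a recorded known-good manifest. The file names, contents and key are constructed, and the use of a keyed hash (HMAC) rather than a plain checksum is an assumption made here so that someone who alters the data cannot simply recompute the stored value.

```python
import hashlib
import hmac

# Constructed sample data: names, contents and key are made up for this example.
KEY = b"constructed-demo-key-not-for-real-use"
BASELINE_FILES = {
    "payroll.csv": b"alice,5000\nbob,4200\n",
    "policy.txt": b"Backups run nightly.\n",
}

def checksum(data: bytes) -> str:
    """Unkeyed SHA-256: reveals a change, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()

def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA-256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_manifest(files, key):
    """Record a keyed tag for every file at a known-good point in time."""
    return {name: keyed_tag(key, content) for name, content in files.items()}

def verify(files, manifest, key):
    """Compare current contents with the manifest and report a status per name."""
    report = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif hmac.compare_digest(keyed_tag(key, files[name]), expected):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"  # present now, absent from the baseline
    return report

def demo():
    """Build a baseline, apply constructed changes, and return the report."""
    manifest = build_manifest(BASELINE_FILES, KEY)
    current = dict(BASELINE_FILES)
    current["payroll.csv"] = b"alice,5000\nbob,9900\n"  # one value altered
    del current["policy.txt"]                            # file removed
    current["notes.txt"] = b"new file\n"                 # file added
    return verify(current, manifest, KEY)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

The manifest only helps if it, and the key, are stored where the party able to change the data cannot also change them.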
Availability is the final principle. Information should be accessible at any point by authorized users. This requires a stable and reliable network, backups of data in case of a breach or accidental loss of data, and maintaining software and hardware to ensure they are in good condition and up to date. If a breach occurs and data is lost, there can be major setbacks for an organization.
Authentication or Authorization?
It is relatively common for people to get authentication and authorization confused, but they are two different security measures that cooperate to ensure the security of data in an organization or platform. Authentication makes sure that you are who you say you are, and authorization checks if you are allowed to access data. When you log into a website, you must enter a username and password to show that you are authorized to gain access to the website and its data. Once it is confirmed that you are authorized, authentication checks your identity. You may be sent an email or text to verify that it is you trying to log in. This is an example of Multi-Factor Authentication (MFA). This ensures that it is really you trying to log in, rather than someone else using your account or credentials.
Conclusion
The CIA Triad, authentication and authorization are all extremely important to information security, cybersecurity and the protection and accuracy of data. They collaborate to confirm data is private, accurate and easy to access, while only giving authorized users access to the data. When trying to gain access to data, authorization comes first, and authentication comes next. Together they maintain and uphold the CIA Triad. They ensure data is confidential, accurate, and easy to access when needed.