Ian Hagmann
9/18/2022
The CIA Triad
I have already learned about the CIA Triad in my first cybersecurity class, and, hurray, I remembered it correctly. Some of the examples seem to kind of stretch the definitions of each part to make them interconnect better.
The Triad
The CIA Triad has three parts to it and is a very broad tool for cybersecurity purposes. The first part is confidentiality, which for our purposes means keeping data away from prying eyes and allowing only the people who should have access to reach the data. The next part is integrity, which in this case means keeping data accurate and original. To have integrity, data must be true for its purpose and have no unauthorized changes. Lastly, we have availability, which in my opinion doesn’t seem very cybersecurity related, and which means allowing access to data whenever possible.
Some tools to keep data confidential include: encrypting data from its plaintext form to an unreadable state in a reversible manner, file permission options included in operating systems to allow only certain users to read data, and even anti-data-exfiltration software to keep users from accidentally sending out confidential information. A few ways to maintain and vet integrity are logging when users access and/or change data, testing software for accuracy in its outputs, and using checksums. Availability can be maintained by redundancy in the machines holding the data to be accessed, maintaining proper backups for data (3 copies, 2 different types of media, 1 offsite), and working to keep system uptime as high as possible.
Authentication vs. Authorization
Authentication and authorization are very similar, but it is important to understand both. Authentication is basically making sure that someone is who they say they are, and authorization is making sure that they have permission to access a system. Both concepts would fall under confidentiality in the CIA Triad. Usually a system asks you to authenticate with a password or an equivalent, and it lets you in if you gave the correct credentials. It then checks a system file, or an auth server, to determine whether you are allowed access to certain things.
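The two checks described above, as an added example that is not part of the original essay: a password is verified first (authentication), and only then is a permission table consulted (authorization). The user names, passwords, file name, permission table and status strings are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt)}

# Constructed credential store and permission table, standing in for the
# "system file, or auth server" mentioned in the text.
USERS = {"alice": make_user("correct horse"), "bob": make_user("battery staple")}
PERMISSIONS = {
    "alice": {("payroll.csv", "read"), ("payroll.csv", "write")},
    "bob": {("payroll.csv", "read")},
}

def authenticate(username: str, password: str) -> bool:
    """Step 1: is this person who they say they are?"""
    record = USERS.get(username)
    if record is None:
        # Do the hash work anyway so unknown names are not quicker to reject.
        derive(password, b"\x00" * 16)
        return False
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(derive(password, record["salt"]), record["hash"])

def authorize(username: str, resource: str, action: str) -> bool:
    """Step 2: may this authenticated user do this? Anything unlisted is denied."""
    return (resource, action) in PERMISSIONS.get(username, set())

def request(username: str, password: str, resource: str, action: str) -> str:
    if not authenticate(username, password):
        return "401 unauthenticated"   # identity not proven
    if not authorize(username, resource, action):
        return "403 forbidden"         # identity proven, permission missing
    return "200 granted"
```

Bob with the right password can read but not write: he passes authentication and fails authorization, which is the distinction the two terms draw.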
Conclusion
The CIA Triad is an important tool in cybersecurity and has a broad scope. Its parts are big concepts that can only be achieved through more specific means. Authentication and authorization are just parts of confidentiality and focus on individual attempts at access.