The CIA Triad
The CIA Triad is a cybersecurity model that guides information security policies, comprising three interconnected principles: Confidentiality, Integrity, and Availability, sometimes referred to as the AIC Triad to avoid confusion with the Central Intelligence Agency. [cite: 268, 269] According to the Chai article, it helps organizations develop focused security strategies, although experts note that it may require updates for modern threats, such as big data and IoT. [cite: 270]
- Confidentiality: Limits access to sensitive information, preventing unauthorized disclosure. [cite: 271] It is roughly equivalent to privacy; data is classified by how much damage its disclosure would cause, and the strictest controls are applied to the most sensitive classes. [cite: 272]
- Integrity: Ensures data remains accurate, consistent, and trustworthy throughout its lifecycle, protecting against unauthorized alterations. [cite: 273]
- Availability: Guarantees reliable access for authorized users, maintaining systems against disruptions. [cite: 273]
Authentication vs. Authorization
Authentication verifies a user’s identity using credentials such as passwords, biometrics, or tokens. [cite: 274, 275] Authorization determines what an already-authenticated user is permitted to access or do. [cite: 276]
Key Difference: Authentication confirms who you are; authorization decides what you can do. [cite: 277]
Example: Logging into your email with a password (authentication) lets you access your inbox, but authorization restricts you from viewing a colleague’s private folders unless granted permissions. [cite: 278]
Sources: What is the CIA Triad and Why is it important? | Fortinet (https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization) [cite: 279, 280]