The CIA Triad is the base model for information security professionals. It lays the groundwork and foundation that organizations use for their cybersecurity needs.
CIA is an acronym for Confidentiality, Integrity, and Availability. Each layer of the Triad is an essential pillar of the concept, and each has its own job (Chai W. 2022).
Confidentiality
Confidentiality is the first defensive measure in cybersecurity, aimed at hiding and securing data. In simple terms, confidentiality means privacy from the outside. Data encryption, passwords, biometric technology, and two-factor authentication are only a few of the effective confidentiality methods. Physical methods can also include separate storage drives and purely physical copies.
Integrity
The second layer of the Triad is Integrity. Integrity is centered around the permissions and access others have to data. This level ensures that data is complete and trustworthy (“CIA Triad…”). Integrity prevents unauthorized access by individuals who have breached the first layer of confidentiality. In the event of data loss, backups and redundancies are stored to ensure the data can be restored to its previous state.
Availability
The final letter of the CIA Triad stands for Availability. Availability is the trait of being accessible to those who have clearance and are in need of the service or program. Business operations rely heavily on availability, as their profit and commerce come directly from customers interacting with their programs. In the case of cyberattacks, backups must be made available, as was discussed under Integrity, to allow users to access the service as soon as possible (Chang R. 2023).
The Difference Between Authentication and Authorization
Authentication is the process of identifying a person. The person goes through a multitude of tests or security checks, such as passwords and security questions; once authentication is confirmed, the process moves to the next step, authorization. Authorization is the system that determines what role the person has and what they have access to in the system. An example of authentication would be a worker typing their employee code into a terminal to clock into the computer, while authorization would be the terminal allowing them to access all programs available to their role and denying the ones that aren’t (“Authentication…”).
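The terminal scenario above, written out as an added example (it is not taken from any of the cited sources). The employee IDs, codes, roles, and program names are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample data: which programs each hypothetical role may open.
ROLE_PROGRAMS = {
    "cashier": {"timeclock", "point_of_sale"},
    "manager": {"timeclock", "point_of_sale", "payroll"},
}

def _hash_code(code: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the employee code itself.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

def _enroll(role: str, code: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": _hash_code(code, salt)}

# Constructed employee records (IDs and codes are made up).
EMPLOYEES = {
    "alice": _enroll("cashier", "4821-blue"),
    "bob": _enroll("manager", "7730-green"),
}

def authenticate(employee_id: str, code: str):
    """Authentication: is this person who they claim to be? Returns role or None."""
    record = EMPLOYEES.get(employee_id)
    if record is None:
        return None
    candidate = _hash_code(code, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate, record["hash"]):
        return record["role"]
    return None

def authorize(role, program: str) -> bool:
    """Authorization: may this role open this program? Deny by default."""
    return role is not None and program in ROLE_PROGRAMS.get(role, set())

def open_program(employee_id: str, code: str, program: str) -> str:
    role = authenticate(employee_id, code)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, program):
        return f"denied: role '{role}' may not open {program}"
    return f"granted: {program}"

if __name__ == "__main__":
    print(open_program("alice", "4821-blue", "payroll"))
```

A correct employee code only settles who the worker is; the role lookup is a separate decision, so a cashier who authenticates successfully is still refused the payroll program.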
The CIA Triad is a multifaceted tool that allows businesses to protect and secure their data from unauthorized access. Using Confidentiality, Integrity, and Availability as guidelines, businesses can attempt to thrive without fear of data leaks or possible data loss. However, CIA is only the bare minimum of the security needed to protect a company’s assets.
References
CIA triad: Confidentiality, integrity, and availability. SailPoint. (n.d.). https://www.sailpoint.com/identity-library/cia-triad
Chang, R. (2023, February 14). Confidentiality, integrity and availability in cyber security. Kobalt.io. https://kobalt.io/confidentiality-integrity-and-availability-in-cyber-security/
Chai, W. (2022, June 28). What is the CIA Triad? Definition, explanation, examples. TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
Authentication vs. authorization: Key differences. Fortinet. (n.d.). https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization