Isaac Flores
Professor Charles E. Kirkpatrick
CYSE 200
13 September 2024
C.I.A. Triad
Confidentiality, Integrity, and Availability are concepts that are known as the C.I.A. triad. This concept is used as basis to form cybersecurity policies in an organization. Each component within the triad has its own function and importance. For example, confidentiality is a concept that refers to making sure information is kept secure and private so the authorized people can view it. Furthermore, this idea is highly associated with the idea of privacy. “Confidentiality
measures are designed to prevent sensitive information from unauthorized access attempts” (Chai, para 4.) Integrity is a concept that is meant to give importance to assuring information is not changed or destroyed. Availability is a concept that assures that information is available to the permissible individual that have the authorization to access data. Confidentiality, integrity, and availability are three vital concepts that can be used in versatile ways.
Confidentiality can be practiced by developing properly strengthened passwords to protect the privacy of information, online accounts, and assets. Including some form of authentication to use an online service can be a way to maintain confidentiality. Furthermore, this concept can be practiced by avoiding the amount of places that personal data can be found on the internet. Encryption could be a great recommendation to promoting confidentiality.
Integrity can be practiced by using file permissions and managing user access controls. Controlling whether or not a user can modify data or not can help a person maintain the integrity of information or data saved within a file containing personal or valuable information that may be desired to be confidential.
Availability involves both maintaining hardware and software to a functional state. Hardware should be cleaned and kept away from a harmful environment. Software should be logged and updated as necessary to maintain a functional digital network. Furthermore, developing safeguards in case of hardware or software failure should be developed. “Duplicate data sets and disaster recovery plans can multiply the already-high costs” (Chai, para. 21).
It is important to note that authentication and authorization are relevant to the use and development of the C.I.A. triad. Authentication is the process of identifying an individual. This process of identifying can involve the use of social security numbers that should be unique to each person within the United States of America, using names, and using birth certificates are ways to identify someone. Authorization is the process of giving permission to someone who is authenticated. Permissions in regards to file access can involve the permission to read a file, the ability to execute a file, the ability to write to a file, and the permission to have two or more of those permissions. Authorization can very much be associated with availability and authentication be very much involved in confidentiality.
I think that the use of the C.I.A. triad can help promote proper use of cybersecurity techniques made to protect information online. Furthermore, the concepts can be used with both hardware and software. Something interesting to consider is the challenges to implementing the C.I.A. triad. Money is a big issue but also challenges in finding enough people to manage big data can prove to be quite troublesome.

















Reference
Chai, Wesley. What is the CIA Triad? Definition, Explanation, Examples. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view