Write-up: The CIA Triad

The CIA Triad
BLUF – The CIA Triad is a model designed to serve as the basis of security
systems for organizations. CIA stands for Confidentiality, Integrity, and Availability, and is
also referred to as AIC to avoid confusion with the Central Intelligence Agency, C.I.A. (Chai,
2022, p.1). The CIA Triad is important to the security of organizations as it is the backbone
of information security. Without it, an organization’s database could be attacked and
exploited easily, leading to events such as data loss or failure of operations.


What makes up the CIA?

There are three key concepts that form the CIA triad. Confidentiality is essentially the
same as privacy; it ensures data remains secured and protected and allows only
authorized users to access important data. Security measures often include encryption,
multi-factor authentication, and other means of defense like firewalls or VPNs. Integrity
stands as a second line of defense for Confidentiality. The concept keeps data within the
organization consistent and accurate and ensures unauthorized users cannot alter it. This
can involve methods such as version control, digital signatures, backups, and
nonrepudiation measures like logins and messages sent (Chai, 2022, p.4). Availability is
less defensive than Confidentiality and Integrity, and more proactive. It
makes sure that authorized users have access to data and services at any time within the
organization, and practices include redundancy, failovers, and safeguards against data loss
(Chai, 2022, p.5).

Authentication and Authorization
Authentication and authorization are often confused because the two share similar
meanings, but they are different. Authentication is like a verification
barrier: it verifies a user through methods such as a login. Authorization is like
a permission barrier: it determines what a user does and doesn’t have authorized access to
(Difference Between Authentication and Authorization, 2024). A good example would be an
employee and their company’s network. Authentication would be the employee logging
into the system with their username and password, and authorization would be what the
employee has access to. If they were in HR, for example, they could have access to employee
records, but not to administrative tools, something only an admin can
access. While the two share a similar meaning, they are still different, and it is important to
know the difference between the two.
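
The HR employee scenario above, as an added example that is not part of the original write-up: authentication and authorization are kept as two separate checks, with a failed login and a denied resource producing different outcomes. The usernames, passwords, roles and resource names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and resources mirror the HR/admin example.
ROLE_PERMISSIONS = {
    "hr": {"employee_records"},
    "admin": {"employee_records", "admin_tools"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash with PBKDF2-HMAC-SHA256; plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

USERS = {
    "dana": make_user("correct horse battery", "hr"),
    "root_admin": make_user("another long passphrase", "admin"),
}
# Dummy record so unknown usernames cost the same work as known ones.
_DUMMY = make_user("placeholder", "none")

def authenticate(username: str, password: str):
    """Authentication: verify who the user is. Returns the username or None."""
    user = USERS.get(username, _DUMMY)
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, user["hash"])
    return username if matches and username in USERS else None

def authorize(username, resource: str) -> bool:
    """Authorization: decide what an already-verified user may access."""
    if username is None or username not in USERS:
        return False  # deny by default
    return resource in ROLE_PERMISSIONS.get(USERS[username]["role"], set())

def access(username: str, password: str, resource: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"   # identity could not be verified
    if not authorize(identity, resource):
        return "403 not authorized"      # verified, but lacks permission
    return "200 ok"
```
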

Conclusion – The CIA Triad is essential for cybersecurity, as it ensures data remains
protected and accurate, and is easily accessible to authorized users when necessary.


Works Cited
Chai, Wesley. What Is the CIA Triad? Definition, Explanation, Examples. TechTarget, 28 June
2022. PDF. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view
GeeksforGeeks. “Difference Between Authentication and Authorization.” GeeksforGeeks,
24 July 2024, www.geeksforgeeks.org/difference-between-authentication-and-authorization/.
