Name: Jacob Moore
Course: CYSE-200
Title: The CIA Triad and the Difference Between Authentication and Authorization
Introduction
Cybersecurity is built on protecting information and systems from misuse, damage, or disruption. The CIA Triad—Confidentiality, Integrity, and Availability—provides the core framework for safeguarding data. In addition, understanding the distinction between authentication (verifying identity) and authorization (granting permissions) is essential for controlling access. Together, these concepts form the foundation of modern information security practices.

The CIA Triad is a widely accepted model that defines the three primary goals of cybersecurity: confidentiality, integrity, and availability. Each element addresses a different aspect of protecting information systems.
Confidentiality
Confidentiality ensures that sensitive information is accessible only to authorized individuals. This prevents unauthorized disclosure of personal, financial, or proprietary data. Common methods used to protect confidentiality include encryption, access controls, and authentication mechanisms such as passwords or biometrics. For example, online banking systems use encryption and login credentials to prevent unauthorized users from viewing account information.
Integrity
Integrity focuses on maintaining the accuracy and trustworthiness of data. It ensures that information is not altered, whether accidentally or maliciously, without proper authorization. Mechanisms such as hashing, digital signatures, checksums, and version control help detect unauthorized changes. If data integrity is compromised, organizations may make decisions based on incorrect information, which can lead to financial loss, legal consequences, or safety risks.
Availability
Availability ensures that systems and data are accessible when needed by authorized users. This includes maintaining uptime, preventing service disruptions, and enabling rapid recovery from failures. Techniques that support availability include redundancy, backups, load balancing, disaster recovery planning, and protection against denial-of-service attacks. For businesses that rely on digital services, downtime can result in lost revenue and damaged reputation.
Authentication vs. Authorization
Authentication is the process of verifying the identity of a user, device, or system. It answers the question: “Who are you?” Common authentication methods include passwords, PINs, smart cards, biometrics, and multi-factor authentication (MFA). For example, entering a username and password to log into an email account confirms that the user is who they claim to be.

Authorization occurs after authentication and determines what an authenticated user is allowed to do. It answers the question: “What are you allowed to access?” Authorization is typically managed through roles, permissions, and access control policies. For instance, an employee may be authenticated to a company network but authorized only to access certain files relevant to their job role.
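The employee example above, worked through in code as an added illustration (not part of the original essay): authentication checks the password against a stored salted hash, and authorization is a separate role-based lookup that can still deny an already-authenticated user. The user "alice", the roles and the file names are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed role-based policy (assumed sample data): which files each job role may read.
POLICY = {
    "hr": {"payroll.xlsx", "handbook.pdf"},
    "engineer": {"design.doc", "handbook.pdf"},
}

def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen store does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(store: dict, username: str, password: str, role: str) -> None:
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}

def authenticate(store: dict, username: str, password: str) -> bool:
    """Answers 'Who are you?': compares the supplied credential with the stored hash."""
    record = store.get(username)
    if record is None:
        _hash_password(password, b"\x00" * 16)  # same cost for unknown users (timing)
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]), record["hash"])

def authorize(store: dict, username: str, resource: str) -> bool:
    """Answers 'What are you allowed to access?': role lookup, independent of identity proof."""
    record = store.get(username)
    if record is None:
        return False
    return resource in POLICY.get(record["role"], set())

def access_file(store: dict, username: str, password: str, resource: str) -> str:
    # Authentication always runs first; authorization only applies to a verified identity.
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(store, username, resource):
        return "denied: not authorized"
    return f"ok: {username} may read {resource}"

def demo() -> dict:
    store = {}
    register(store, "alice", "correct horse", "engineer")  # constructed sample user
    return {
        "wrong_password": access_file(store, "alice", "wrong", "design.doc"),
        "in_role": access_file(store, "alice", "correct horse", "design.doc"),
        "out_of_role": access_file(store, "alice", "correct horse", "payroll.xlsx"),
    }
```

The third case is the point of the essay's example: alice proves who she is, yet the payroll file is still refused because her role does not grant it.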
Conclusion
The CIA Triad provides the foundational framework for protecting information systems by ensuring confidentiality, integrity, and availability. Each component addresses a different but equally important aspect of security. Authentication and authorization further strengthen protection by verifying identity and controlling access to resources. Understanding these concepts is essential for designing secure systems and preventing unauthorized use, data manipulation, and service disruptions. Together, they form the core principles that guide cybersecurity practices across organizations and industries.