What is the CIA Triad and the differences between authentication and authorization

The CIA Triad

The CIA Triad is an acronym for three pillars of IT security: confidentiality, integrity and
availability. The pillars work together, each covering an important part of protecting data and
systems. Taken independently, they are defined as follows.

Confidentiality

This pillar concerns preventing important or sensitive information from being accessed by
unauthorized individuals. An organization will often apply varying levels of scrutiny in this
pillar depending on how much it values the information being protected. An organization may also
provide training for those who will be working with or handling important systems or documents.
This training could include simple things like how to create and set up strong passwords, or more
complex tasks for the IT department, like how to set up firewalls (Hashemi-Pour & Chai, 2023).

Integrity

Here the most important thing is making sure that information is not improperly modified or
deleted, unless done by authorized individuals. It is also important to keep data accurate and
trustworthy, whether it is being kept for long periods or moved often (NIST SP 1800-26).
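One concrete way to uphold the integrity pillar is to attach a keyed message authentication code to stored or transmitted data so that any improper modification is detected when the data is read back. The following is an added example, not code from the original page or from any of the cited sources; the key and the account record are constructed values, and the use of HMAC-SHA256 is the editor's choice of mechanism.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # SHA-256 output length in bytes


def protect(key: bytes, data: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so later modification of the data can be detected."""
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return data + tag


def verify(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the data if its tag is valid; return None if it was altered or truncated."""
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return data


def demo():
    # Constructed demo key and record; a real key would come from a secrets store.
    key = b"constructed-demo-key-not-for-real-use"
    record = b"account=4471;balance=1200.00"
    stored = protect(key, record)

    intact = verify(key, stored)                  # original data comes back
    tampered = stored.replace(b"1200.00", b"9200.00")
    altered = verify(key, tampered)               # modification detected -> None
    truncated = verify(key, stored[:10])          # damaged blob detected -> None
    return intact, altered, truncated


if __name__ == "__main__":
    print(demo())
```

Only the holder of the key can produce a valid tag, so an attacker who can change the stored bytes but does not know the key cannot make a modified record pass verification. Note that this protects integrity only; the data itself is not hidden, which is the separate job of the confidentiality pillar.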

Availability

This pillar focuses on making sure that data is readily accessible to authorized individuals. This means keeping up with hardware maintenance and applying proper updates, all to limit any errors that could occur (Hashemi-Pour & Chai, 2023).

How the pillars work together

While each of these pillars covers only a small area of IT security, they work best when put
together. The CIA Triad can help guide organizations to better understand how to protect their
systems and data while maintaining the trust of the organization's own workers in that data.

Authentication and Authorization

Moving on to the differences between authentication and authorization: these two are related
but still distinct within an organization. Authentication is what verifies a user's identity. This
is done through things like a password or other credentials that prove who someone is. Authentication
therefore happens before any authorization can take place, as a system needs to know who is using
it before any access can be given.

When authorization comes into play, it takes the identity of the user who is trying to access
the data or system and determines, based on that identity, what the user is allowed to do, such as
only letting members of the finance department edit or delete files related to the company's income
or losses.

Working together, authentication and authorization can make sure that data is secure and
controlled by stopping unwanted individuals from accessing important information. By making this
process hard to bypass, they limit the damage that a hacker would normally be able to do without
these safeguards in place (Kosinski, 2025).
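The two-step flow described above, authentication first and authorization second, can be shown in a small program. This is an added example and not code from the original page or from the cited sources; the user store, the passwords and the finance/staff permission table are constructed for the demonstration, and the salted PBKDF2 password hashing is the editor's choice of credential check.

```python
import hashlib
import hmac
import os

# Constructed permission table: (role, action, resource) triples that are allowed.
# Only the finance role may edit or delete the income report, as in the text.
PERMISSIONS = {
    ("finance", "read", "income_report"),
    ("finance", "edit", "income_report"),
    ("finance", "delete", "income_report"),
    ("staff", "read", "income_report"),
}

_DUMMY_SALT = b"\x00" * 16


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted password hash with PBKDF2-HMAC-SHA256 (standard library only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(store: dict, username: str, password: str, role: str) -> None:
    """Store a salted hash and a role for the user; the plaintext password is never kept."""
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _hash_password(password, salt), "role": role}


def authenticate(store: dict, username: str, password: str):
    """Step 1: verify identity. Returns the username on success, None otherwise."""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so response time
        # does not reveal which usernames exist.
        _hash_password(password, _DUMMY_SALT)
        return None
    candidate = _hash_password(password, record["salt"])
    return username if hmac.compare_digest(candidate, record["hash"]) else None


def authorize(store: dict, username, action: str, resource: str) -> bool:
    """Step 2: decide what an already-authenticated user may do."""
    if username is None:            # no verified identity, so nothing is permitted
        return False
    role = store[username]["role"]
    return (role, action, resource) in PERMISSIONS


def request(store: dict, username: str, password: str, action: str, resource: str) -> str:
    """Full flow: authorization is consulted only after authentication succeeds."""
    who = authenticate(store, username, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(store, who, action, resource):
        return f"denied: {who} ({store[who]['role']}) may not {action} {resource}"
    return f"allowed: {who} may {action} {resource}"


def build_demo_store() -> dict:
    """Constructed users: alice in finance, bob in general staff."""
    store = {}
    register(store, "alice", "correct horse battery staple", "finance")
    register(store, "bob", "hunter2", "staff")
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print(request(s, "alice", "correct horse battery staple", "delete", "income_report"))
    print(request(s, "bob", "hunter2", "delete", "income_report"))
    print(request(s, "bob", "wrong-password", "read", "income_report"))
```

The point to notice is the order of checks in request(): a wrong password stops the flow before the permission table is ever consulted, and a correctly authenticated user is still refused any action that the table does not grant to their role. Keeping the two decisions in separate functions also makes each one easier to audit and log.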

References

Confidentiality, integrity, and availability: The CIA triad. Office of Information Security. (n.d.).
https://informationsecurity.wustl.edu/guidance/confidentiality-integrity-and-availability-the-cia-triad/

Executive summary — NIST SP 1800-26 documentation. (n.d.).
https://www.nccoe.nist.gov/publication/1800-26/VolA/index.html

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from
TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA

Kosinski, M. (2025, November 17). Authentication vs. authorization: What's the difference? IBM.
https://www.ibm.com/think/topics/authentication-vs-authorization
