What is the triad?
The CIA triad stands for confidentiality, integrity, and availability. It is a framework that is used to help form information security policies. The three elements of the triad form the fundamental needs of cybersecurity.
“The following is a breakdown of the three key concepts that form the CIA triad:
Confidentiality is roughly equivalent to privacy. Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.” (Chai 2022)
Using these three principles, security policies for organizations can be developed by looking at needs and use cases for new products and technologies.
Authentication vs. Authorization
Authentication and authorization are used to protect organizations from cyberattacks. The difference between the two is that authentication verifies who a user is, while authorization determines which files, applications, and data that user can access. One method of authentication is two-factor authentication when logging into a system, such as ODU's use of Duo. One method of authorization is role-based access control. When a role is assigned to a user based on their position in the organization, the user may be able to view certain information and files but be unable to edit them. A user with a higher role may be able to edit the information or files. By using the two together, an organization can prevent unauthorized activity within its systems that could pose a threat to the security of the entire system.
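The following Python sketch is an added example, not part of the original essay. It keeps the two checks separate: `authenticate` verifies identity with a password plus a time-based one-time code, and `authorize` applies role-based view/edit permissions with deny by default. The role names, users, secrets, and the use of TOTP as the second factor are assumptions for illustration and do not describe how Duo works.

```python
import hashlib, hmac, struct, time

# Constructed sample data: roles, users, passwords and keys are hypothetical.
ROLE_PERMS = {"analyst": {"view"}, "manager": {"view", "edit"}}

def hash_pw(password, salt):
    # Slow, salted password hash so stored values resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def totp(secret, at, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1), used here as the second factor."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)

USERS = {
    "alice": {"salt": b"constructed-salt-a", "totp": b"constructed-key-a",
              "role": "analyst"},
    "bob": {"salt": b"constructed-salt-b", "totp": b"constructed-key-b",
            "role": "manager"},
}
for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
    USERS[name]["pw"] = hash_pw(pw, USERS[name]["salt"])

def authenticate(user, password, code, now=None):
    """Who is this? Both factors must pass; returns the user name or None."""
    rec = USERS.get(user)
    if rec is None:
        return None
    now = time.time() if now is None else now
    # Constant-time comparisons; only the current 30-second step is accepted.
    pw_ok = hmac.compare_digest(hash_pw(password, rec["salt"]), rec["pw"])
    code_ok = hmac.compare_digest(totp(rec["totp"], now).encode(), code.encode())
    return user if pw_ok and code_ok else None

def authorize(user, action):
    """What may they do? Unknown users, roles or actions are denied."""
    rec = USERS.get(user)
    return rec is not None and action in ROLE_PERMS.get(rec["role"], set())
```

A caller would run `authorize` only for a name that `authenticate` has returned, so a valid login with the analyst role can view a file but is still refused an edit.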
References
Chai, W. (2022). (rep.). What is the CIA Triad? Definition, Explanation, Examples.
What is the difference between authentication and authorization?. SailPoint. (2023, March 7). https://www.sailpoint.com/identity-library/difference-between-authentication-and-authorization/#:~:text=So%2C%20what%20is%20the%20difference,a%20user%20has%20access%20to.