Jason Exume
Getting to know the CIA Triad, and understanding Authentication & Authorization
BLUF
The CIA triad, also called AIC, is a very reliable model that focuses on the 3 most essential concepts within information security. “Its purpose is to guide policies for information security within an organization” (Wesley Chai 2025), and it should be a part of any organization that seeks to have reliable system security.
CIA meaning
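Confidentiality, integrity and availability can also be referred to as CIA or AIC, not to be confused with the Central Intelligence Agency. It is a model designed to guide policies for information security within an organization. Confidentiality, integrity, and availability are considered the most important concepts within information security. Placing these three principles together within the framework of the “triad” can help guide the development of security policies for organizations.
Principles of the CIA
To achieve proper confidentiality, there are many reliable methods that can be used to keep it consistent. “One requires an account number or routing number when banking online” (Wesley Chai 2025). Data encryption is another method. Both of these methods are discreet and rely on things that are not easily obtainable. If they are used correctly, little to no one should have access to this info. When it comes to integrity, “organizations must put in some means to detect any changes in data that might occur because of non-human-caused events such as electromagnetic pulse (EMP) or server crash” (Wesley Chai 2025). Backups or redundancies must be available to restore the affected data to its correct state. In other words, integrity can be viewed as the durability/recovery of an organization’s security. “Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a properly functioning operating system,” keeping it openly accessible by the authorized personnel (Wesley Chai 2025).
Understanding Authentication & Authorization
The difference between authentication and authorization is that authentication can be viewed as solid proof that something is legitimate: it is not a replica but the original and real thing. Authorization can be thought of as granting permission to use or do something. Authorization requires the green light from another source to confirm that what is about to be performed is OK and falls under the correct code established. An example of authentication could be buying a diamond, having several people appraise the item, and having the owner of the diamond provide paperwork that confirms the mineral of the object along with where and when it was received. An example of authorization could be giving someone permission to cut your child’s hair. If you grant authorization, you grant permission and allow that person to perform what you agreed upon. It’s confirmation that you are aware of what is going to happen and accept it.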
understanding Authentication & Authorization
The difference between Authentication & Authorization is that authentication can be viewed as something that has solid proof of it being legit. It is not a replica but is the original and real thing. Authorization can be thought of as granting permission to use or do something. Authorization requires the green light from another source to confirm what is about to be performed is ok and falls under the correct code established. An example of authentication could be buying a diamond and having several people appraise the item and having the owner of the diamond provide paperwork the confirms the mineral of the object along with the where and when it was received. An example of authorization could be giving someone permission to cut your child’s hair. If you grant authorization, you grant permission and allow that person to perform what you agreed upon. It’s confirmation that you are aware of what is going to happen and accept it.
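The same distinction in a system, as an added example that is not part of the original essay: authentication verifies the proof a user presents (here a password checked against a salted hash), and authorization then decides whether that verified user may perform an action. The usernames, passwords, roles, and actions are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored value does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample data: two users of a hypothetical banking system.
USERS = {
    "alice": _make_user("correct horse", "teller"),
    "bob": _make_user("battery staple", "manager"),
}
# What each role is permitted to do (the "green light" defined in advance).
PERMISSIONS = {
    "teller": {"view_balance"},
    "manager": {"view_balance", "approve_transfer"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is the proof of identity genuine?"""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hash_password(password, user["salt"]), user["hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: is this (already verified) user permitted to do this?"""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())

def handle_request(username: str, password: str, action: str) -> str:
    if not authenticate(username, password):
        return "401 authentication failed"  # identity not proven
    if not authorize(username, action):
        return "403 not authorized"         # identity proven, permission missing
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "approve_transfer"))
```

A teller with the right password is authenticated but still refused when attempting an action only managers are permitted to perform.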
Conclusion
In conclusion, as stated before, confidentiality, integrity, and availability are considered the most important concepts within information security. These 3 concepts provide the consumer of a system with a sense of confidence that their data will remain intact, their personal info will remain private, and that access to the system will remain consistent. Authentication is essentially something that is verified, and authorization is the green light to perform something, whether physical or digital. All organizations should aim to have all of these concepts established.
Citations and references
Chai, Wesley. “What is the CIA Triad? Definition, Explanation, Examples.” TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on