The CIA Triad


The CIA Triad is an important, widely used model on which policy related to information security and storage is based. The CIA Triad consists of Confidentiality, Integrity, and Availability. Though it is widely used and accepted in the information security industry, many believe it is in dire need of an upgrade or an overhaul to stay relevant and up to date. (Chai, 2022)

Confidentiality in the CIA triad means that information is kept private from unauthorized parties, and that those unauthorized parties can’t access that information. That private information is often categorized based on how vital it is, who it affects, and how much damage it could potentially cause. The information is then secured appropriately in various ways, ranging from being kept on secure networks or servers, locked behind numerous “information gates,” to being copied onto an external device and stored off a network entirely for the most vital information. (Chai, 2022)

Integrity in the triad means that information is maintained and kept consistent and accurate, so that it can be trusted by the people accessing it. It also means it can be transferred or transmitted from one place to another without being altered or accessed by outside parties. One very important example of this is your purchase history on a website or store. When you purchase something, a record of that purchase is kept in your account’s personal purchase records, where you can access it at any time. If there happens to be a problem with that information, it also means you can contact someone related to that website to ask about the problem. (What is the CIA triad? Definition and Examples 2021)

The final part of the triad is Availability. This means that the information is consistently available to authorized parties. Those authorized to access the information should be able to access it no matter what time or day it is, or where they might be. Parts of a network, including the hardware, software, the network itself, and the information on it, should ideally be maintained in a way that makes this possible. An example of this is being able to log into a website to view your account information, regardless of where you are or what time it is. So long as your authentication and identity are verified, you should be able to access that information. (What is the CIA triad? Definition and Examples 2021)

Authentication VS Authorization

Now that we’ve mentioned it, we should discuss authentication, and more specifically how it relates to, and how it differs from, authorization. While both are key to upholding the CIA triad, they play different roles in it. Authentication checks who a user is and validates that they are who they claim to be. The most common version of this is requesting a username and password to log in and, in recent years, requiring a 2-step verification process as well, for added security. Authorization happens following the authentication of the user. It makes sure they are granted the proper clearance to access the information they should have access to, whether it be basic information or top-secret confidential files. An example of this would be granting a certain user the role of admin or the role of member in a database; the members can access basic files, while the admins can access much more. The two work hand in hand to uphold the CIA triad on a network. (Gupta, 2020)
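The two steps described above, as an added example that is not part of the original article: a password check (authentication) followed by a role check (authorization) for the admin and member roles. The user names, passwords, resource names and the `access` helper are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # kept modest so the demo runs quickly

# Constructed sample policy: what each role may read.
ROLE_PERMISSIONS = {
    "member": {"basic_files"},
    "admin": {"basic_files", "confidential_files"},
}

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed sample accounts.
USERS = {
    "alice": _make_user("correct horse battery", "admin"),
    "bob": _make_user("tr0ub4dor&3", "member"),
}
_DUMMY = _make_user("dummy", "member")  # hashed against when the name is unknown

def authenticate(username: str, password: str):
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username, _DUMMY)  # same work for known and unknown names
    candidate = _hash_password(password, user["salt"])
    matches = hmac.compare_digest(candidate, user["hash"])  # constant-time compare
    return username if matches and username in USERS else None

def authorize(identity, resource: str) -> bool:
    """Authorization: may this verified user read this resource?"""
    if identity is None or identity not in USERS:
        return False  # never authorize an unauthenticated caller
    return resource in ROLE_PERMISSIONS.get(USERS[identity]["role"], set())

def access(username: str, password: str, resource: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, resource):
        return "403 not authorized"
    return "200 ok"
```

A member with a valid password passes authentication but is still refused the confidential files, which is the distinction the paragraph draws.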

Citations:

Chai, W. (2022, June 28). What is the CIA triad? definition, explanation, examples – techtarget. Google Drive. Retrieved September 11, 2022, from https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view

Gupta, D. (2020, June 11). Authentication vs authorization: What’s the difference?: Loginradius: Loginradius blog. loginradius. Retrieved September 11, 2022, from https://www.loginradius.com/blog/identity/authentication-vs-authorization-infographic/

What is the CIA Triad? (2021, September 1). What is the CIA triad? Definition and Examples. SecurityScorecard. Retrieved September 11, 2022, from https://securityscorecard.com/blog/what-is-the-cia-triad