The CIA Triad (Also Known As AIC)

What is the CIA Triad?
Often confused with the Central Intelligence Agency, this acronym means
something completely different. This acronym stands for “confidentiality, integrity, and
availability.” This is a model designed to guide a business in policy making regarding
security within their company.
The first letter, “C,” stands for confidentiality. These measures are
designed to prevent confidential information from getting into the wrong hands. Ways to
achieve this include strong passwords, two-factor authentication, and key cards. An
example of this is needing a password to log into a confidential space or needing a CAC
(Common Access Card) to get into government networks.
The next letter is “I,” standing for integrity. The definition of integrity is “the quality of
being honest and having strong moral principles.” Integrity is needed everywhere because it
establishes credibility and trust; it is as vital to a business as it is to a person.
Data in a business must be trustworthy and free of tampering. Some examples of this are
digital signatures on anything an employee sends, or digital certificates. If an email is
sent by an employee, they have to sign it, ensuring that they cannot deny that they sent
the email.
The final letter in the triad is “A,” which stands for availability. A business's data may
be confidential and have integrity, but that goes to waste if the data is not available to
those who use it. This means that data is free of software conflicts and that it is safe
from attacks that could take data down. Disaster recovery is essential to keep a business
afloat if things are going bad. Examples of measures used are backup copies of data and
firewalls.

The Difference Between Authentication and Authorization:
Authentication and authorization are like steps on a walkway: you cannot skip the
first one. Authentication goes first. Authentication is the process of verifying the identity of
the user trying to get into a system. Examples include a password with a personal
question that only the actual user would know, or a PIN requested at an ATM, among
many other things. Two-factor authentication is also a very common way to verify an
identity now, for example having a one-time code or request go to the user's personal email
asking whether the person trying to log in is them.
Next is authorization. This is the process of giving a user the ability to access something. An
example of this would be giving access to a location, like needing a certain security
clearance to enter a certain building on government property, or giving access to a database
only certain employees are allowed to enter.
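The ordering described above, shown as an added example that is not part of the original essay: a login check with two factors (password plus one-time code), followed by a separate permission check that refuses anyone who has not been authenticated. The user record, the one-time code, the permission names and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Passwords are stored as salted, slow hashes, never in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample data (assumptions, not from the essay).
_SALT = os.urandom(16)
USERS = {"alice": {"salt": _SALT,
                   "pw_hash": _hash("correct horse", _SALT),
                   "pending_otp": "492817"}}       # one-time code sent to the user
PERMISSIONS = {"alice": {"payroll_db:read"}}        # what each identity may access

class Session:
    """Created only by authenticate(); carries the verified identity."""
    def __init__(self, user: str):
        self.user = user

def authenticate(user: str, password: str, otp: str):
    """Step 1: verify identity. Both factors must match, or no Session is issued."""
    rec = USERS.get(user)
    if rec is None:
        return None
    # compare_digest avoids leaking how many leading characters matched.
    pw_ok = hmac.compare_digest(_hash(password, rec["salt"]), rec["pw_hash"])
    otp_ok = hmac.compare_digest(otp.encode(), rec["pending_otp"].encode())
    return Session(user) if (pw_ok and otp_ok) else None

def authorize(session, permission: str) -> bool:
    """Step 2: decide access for a verified identity. No Session means deny."""
    if not isinstance(session, Session):
        return False                                # the first step cannot be skipped
    return permission in PERMISSIONS.get(session.user, set())

if __name__ == "__main__":
    s = authenticate("alice", "correct horse", "492817")
    print("read payroll:", authorize(s, "payroll_db:read"))
    print("write payroll:", authorize(s, "payroll_db:write"))
    print("no login:", authorize(None, "payroll_db:read"))
```

A valid login is allowed to read but not write, because authentication proves who the user is while the permission set alone decides what they may reach.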
Conclusion:
In conclusion, the CIA triad stands for “confidentiality, integrity, and availability”.
These are the three things that a business needs to protect their image and keep them safe
from attacks. Each letter in the triad stands for a different part of the process to keep them
protected. Authentication comes first and then authorization. Authentication makes sure
you are who you say you are, and authorization allows you to enter where you are supposed
to.
Works Cited:
https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view?usp=sharing
https://www.fortinet.com/resources/cyberglossary/cia-triad
https://dictionary.cambridge.org/us/dictionary/english/integrity