CIA TRIAD

CIA Triad: Explanation
Jaylen Hill 9/15/2024

Preface

Although authorization and authentication are similar, they have key differences that set them apart. The main difference between the two is how they handle the user's information and access to that information. Authentication is verifying a user’s log-in information with dual authentication, while authorization is limiting what access said user has after being authenticated. Everything is explained in detail below.

What is the CIA Triad?
To better understand the difference between authentication and authorization, we must take an in-depth look at what the CIA triad is and how it plays a part. The first letter, C, stands for “confidentiality”, which ensures that the information is protected for that individual user and only for that user. This creates confidence and a sense of protection for the user’s information. The letter I stands for “integrity”, which establishes that the information can be trusted by the user and does what it is intended to do. Lastly, the letter A stands for “availability”, which means that the user’s information is accessible and can be modified by the user who has the authorization to use it.

Authentication
Because of the prevalence of wide activity within cyberspace, it is very easy for cybercriminals to take advantage by filling in the gaps where authentication should be in the systems that users log in to. In an article about authentication, author Gilad David Maayan says that because of this lack of authentication in systems, “Hackers gained access to Yahoo user accounts to steal contacts, calendars and private emails between 2012 and 2016” (Maayan 2022). Authentication is the process after one logs in, which can be a PIN, two-factor authentication, or a verification code. This curtails easy access into a system, the kind of access that can create situations where hackers are able to steal information they shouldn’t be authorized to see.

Authorization
Think of authorization as being on a playground at recess. In that environment, you are free to have fun with your friends by playing games, going to the monkey bars and so on. But you are only authorized to do so in that playground area, and going outside of the authorized zone is dangerous. This analogy works well for user authorization, in which one has access to a certain amount of information or files that apply only to them. You can only act on what you are allowed to control; anywhere else, you can’t. An article that explains the difference between authentication and authorization describes it as a permission-type system that governs “what a user is able to see or do on a website or inside an application. Without these specific permissions, every user would have access to the same information or features” (Fortinet 2024).
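
The two steps described above can be kept apart in code. The following is an added example, not part of the original essay: the user record, the one-time code, the permission map and the status strings are all constructed for illustration. Authentication checks a password plus a verification code; authorization then decides what that authenticated user may touch.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # Slow, salted hash so stored credentials are not kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample data (hypothetical user, code and permissions).
_SALT = os.urandom(16)
USERS = {"jordan": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT)}}
PENDING_CODES = {"jordan": "493027"}  # one-time code "sent" to the user
PERMISSIONS = {"jordan": {("report.txt", "read"), ("report.txt", "write")}}

def authenticate(username, password, code):
    """Authentication: return the identity only if password AND code match."""
    user = USERS.get(username)
    salt = user["salt"] if user else b"\x00" * 16
    stored = user["pw_hash"] if user else b""
    # Constant-time comparisons avoid leaking how much of a secret matched.
    pw_ok = hmac.compare_digest(hash_password(password, salt), stored)
    expected = PENDING_CODES.get(username, "")
    code_ok = bool(expected) and hmac.compare_digest(code.encode(), expected.encode())
    if pw_ok and code_ok:
        PENDING_CODES.pop(username)  # a verification code is single use
        return username
    return None

def authorize(identity, resource, action):
    """Authorization: deny by default, allow only explicitly granted pairs."""
    if identity is None:
        return False
    return (resource, action) in PERMISSIONS.get(identity, set())

def handle_request(username, password, code, resource, action):
    identity = authenticate(username, password, code)
    if identity is None:
        return "401 not authenticated"  # who are you?
    if not authorize(identity, resource, action):
        return "403 not authorized"     # known user, outside the playground
    return "200 ok"

if __name__ == "__main__":
    print(handle_request("jordan", "correct horse", "493027", "payroll.txt", "read"))
```

The run at the bottom shows a fully authenticated user still being refused a file that was never granted to them.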

Conclusion
In conclusion, although authentication and authorization have similarities, they still have key differences that set them apart from each other. Both follow the CIA Triad of confidentiality, integrity, and availability, but each uses it in a different way.





Authentication vs. authorization: Key differences. Fortinet. (n.d.). https://www.fortinet.com/de/resources/cyberglossary/authentication-vs-authorization#:~:text=Authentication%20is%20a%20process%20to,access%20based%20on%20that%20level.


Maayan, G. D. (2022, December 28). 5 user authentication methods that can prevent the next breach. ID R&D. https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/







