The CIA Triad and Differences Between Authentication & Authorization

The CIA Triad and Access Control Mechanisms
**This explains the CIA Triad (Confidentiality, Integrity, Availability) and distinguishes
between authentication and authorization with examples.**

CIA Triad
The CIA Triad is a foundational framework in cybersecurity that guides how security controls should be chosen and applied when protecting information. It consists of three principles: confidentiality, integrity, and availability (Chai, 2022).

Confidentiality means that information is protected from unauthorized access: only those who have been granted the right to see it can read it. A simple comparison is a diary that can be opened only by its owner or by someone holding the key. In systems, confidentiality is enforced by access controls and strengthened with further layers such as encryption of data at rest and in transit, strong passwords, and two-factor or multi-factor authentication (MFA). For instance, when logging in to an online bank account, users prove they are the account holder with a password combined with a second factor such as a one-time code. Knowledge-based security questions are sometimes used as an extra check, but they are a weak one, because the answers are often guessable or publicly discoverable.

Integrity means that information is accurate and trustworthy and has not been altered by anyone unauthorized, or at least that any alteration is detectable. If a contract were signed, you would not want anyone to change it afterwards without your consent. Integrity is verified with checksums and cryptographic hashes, message authentication codes, and digital signatures. Verifying a downloaded package against the publisher's signature, for instance, confirms that the software is authentic and unaltered; a plain hash on its own only detects accidental corruption unless the hash value itself comes from a source the attacker cannot modify.

Availability means that data and services are reachable by authorized users when they need them. This is typically achieved through redundancy, regular backups, capacity planning and monitoring, and tested disaster recovery procedures. Cloud storage services that replicate data across redundant servers, so that customers can still reach their data after a hardware failure or outage, are a good example.
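The integrity paragraph above can be made concrete in code. The following is an added example, not code from the original article, using only the Python standard library; the contract text and the integrity key are constructed for the demonstration and the key is a placeholder rather than anything a real deployment would use. It shows why a plain hash is not enough once the attacker can also rewrite the stored hash, and how a keyed MAC (HMAC-SHA256) closes that gap.

```python
import hashlib
import hmac

# Constructed sample document standing in for the "signed contract" above.
CONTRACT = b"Payee: Alice\nAmount: 1000 USD\nSigned: 2024-01-15\n"

# Hypothetical shared integrity key. In a real deployment it would come from
# a secrets manager, never be hard-coded, and be known only to the verifier.
INTEGRITY_KEY = b"example-only-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Unkeyed digest. Detects accidental corruption, but anyone who can
    rewrite the stored digest can also recompute it for altered data."""
    return hashlib.sha256(data).hexdigest()


def mac_hex(data: bytes, key: bytes) -> str:
    """Keyed digest (HMAC-SHA256). Only a holder of the key can produce a
    valid tag, so deliberate tampering by a key-less attacker is detected."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_mac(data: bytes, expected_hex: str, key: bytes) -> bool:
    return hmac.compare_digest(mac_hex(data, key), expected_hex)


def integrity_checks() -> dict:
    """Runs the scenarios described in the text and returns their outcomes."""
    stored_hash = sha256_hex(CONTRACT)
    stored_mac = mac_hex(CONTRACT, INTEGRITY_KEY)

    # An attacker changes the amount after the contract was "signed".
    tampered = CONTRACT.replace(b"1000 USD", b"9000 USD")

    return {
        # Plain hash: fine while the stored hash is out of the attacker's reach...
        "original_hash_ok": verify_hash(CONTRACT, stored_hash),
        "tampered_hash_ok": verify_hash(tampered, stored_hash),
        # ...but an attacker who controls the storage simply recomputes it.
        "tampered_recomputed_hash_ok": verify_hash(tampered, sha256_hex(tampered)),
        # Keyed MAC: the altered document fails against the stored tag, and a
        # tag forged without the real key fails as well.
        "original_mac_ok": verify_mac(CONTRACT, stored_mac, INTEGRITY_KEY),
        "tampered_mac_ok": verify_mac(tampered, stored_mac, INTEGRITY_KEY),
        "tampered_forged_mac_ok": verify_mac(
            tampered, mac_hex(tampered, b"attacker-guess"), INTEGRITY_KEY
        ),
    }


if __name__ == "__main__":
    for name, ok in integrity_checks().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

An HMAC is symmetric: whoever can verify a tag can also create one, so it proves the data was not changed by an outsider but not who produced it. A digital signature (for example Ed25519 or RSA-PSS) gives the same tamper detection with a private key that only the signer holds, which is what software publishers rely on when they sign releases.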
Authentication vs. Authorization
Although authentication and authorization are often confused, they are two distinct processes (Auth0, n.d.). Authentication is the process of establishing your identity, that is, confirming that you are who you claim to be. It is comparable to presenting identification at the entrance of a secured building. Authentication factors include something you know (a password), something you have (a security token or phone-based one-time code), and something you are (biometrics such as a fingerprint or facial recognition). For example, when you access your email account you verify your identity by entering your username and password.

Authorization is the process of determining which actions an identity is permitted to perform, and it takes place only after authentication has succeeded (Fortinet, n.d.). It is like being allowed into different rooms of the building depending on your role. Permissions are the capabilities assigned to a user account or role that determine what actions it may perform. For instance, after logging in to a cloud storage app you may be allowed to read content but not delete it, unless you are an admin. A practical consequence is that the server must re-check authorization on every request: knowing who the user is never implies what they may do, and skipping that check is the root of most broken access control bugs.
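The cloud storage example above, worked through as an added example that is not part of the original article. The user store, passwords, salts and role table are constructed for the demonstration; the iteration count is a placeholder, and real systems would draw a fresh random salt per user with os.urandom. It separates the two steps: authenticate returns an identity or nothing, and authorize decides what that identity may do.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 100_000  # hypothetical work factor; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256, stdlib only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user store. Fixed salts keep the example reproducible; a real
# system generates a random per-user salt and never stores plaintext passwords.
_SALT_ALICE = bytes(16)        # 16 zero bytes (constructed)
_SALT_BOB = bytes([1] * 16)    # constructed
USERS = {
    "alice": {"salt": _SALT_ALICE,
              "hash": hash_password("correct horse", _SALT_ALICE),
              "role": "viewer"},
    "bob":   {"salt": _SALT_BOB,
              "hash": hash_password("battery staple", _SALT_BOB),
              "role": "admin"},
}

# Dummy record so that an unknown username costs the same work as a wrong
# password, which avoids leaking which usernames exist through timing.
_DUMMY = {"salt": bytes(16), "hash": hash_password("placeholder", bytes(16))}

# Authorization policy: which actions each role may perform (constructed).
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin":  {"read", "write", "delete"},
}


def authenticate(username: str, password: str):
    """Authentication: prove identity. Returns the username on success, else None."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    if username in USERS and hmac.compare_digest(candidate, record["hash"]):
        return username
    return None


def authorize(identity: str, action: str) -> bool:
    """Authorization: decide what an already-authenticated identity may do."""
    role = USERS[identity]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())


def handle_request(username: str, password: str, action: str) -> str:
    """Full flow: authenticate first, then authorize every action server-side."""
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"   # identity unknown; authorization never runs
    if not authorize(identity, action):
        return "403 forbidden"         # known identity, insufficient permission
    return f"200 {action} by {identity}"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "read"))     # 200 read by alice
    print(handle_request("alice", "correct horse", "delete"))   # 403 forbidden
    print(handle_request("bob", "battery staple", "delete"))    # 200 delete by bob
    print(handle_request("alice", "wrong", "read"))             # 401 unauthenticated
```

The two failure codes make the distinction visible: 401 means the server does not know who you are, 403 means it knows exactly who you are and still says no. Note that authorize is only ever called with an identity that authenticate produced, so the permission check can trust its input.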
All in all, understanding the CIA triad helps businesses and individuals develop sound security policies, since each control can be judged by which of the three properties it protects. Likewise, keeping authentication and authorization distinct ensures that the right level of access is granted to the right identity, and that a verified identity is never mistaken for a permission. Applied together, these principles protect data and build trust in an organization's systems.

References
Chai, W. (2022). "What is the CIA Triad? Definition, Explanation, Examples." TechTarget. Retrieved from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Auth0. (n.d.). "Authentication and Authorization." Auth0 Documentation. Retrieved from https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization
Fortinet. (n.d.). "Authentication vs. Authorization." Fortinet Cyber Glossary. Retrieved from https://www.fortinet.com/resources/cyberglossary/authentication-vs-authorization
