The CIA Triad

The CIA triad consists of confidentiality, integrity, and availability, which help “guide policies for information security within an organization” (Chai 1). An organization can use these three properties as a set of best practices to assess the weak points in its network and data security and to implement policies and practices for cybersecurity professionals to follow.

The three components of the triad

Confidentiality is the overall privacy of information. It involves protecting information from falling into the wrong hands. Some examples of confidentiality practices include “implementing multifactor authentication systems, and training new employees to recognize potential security mistakes” (Coursera).
Integrity is the assurance that the information provided is correct and trustworthy. This involves building a system that keeps data safe from improper alteration, whether or not the alteration is malicious. An example of a data integrity practice that an organization may implement is to “determine who can change the data and how it can be changed” (Coursera), creating tiered access levels for making such changes. For example, in a computer system, one user might be assigned the administrator role, allowing them full access to make adjustments to data.
Availability is the assurance that data remains accessible without its confidentiality or integrity being compromised. It also involves protecting data and ensuring that it stays accessible in the event of a disaster, data breach, or sabotage. “All organizations have designated employees with access to specific data and permission to make changes. Therefore, a security framework must include availability” (Coursera).

Authentication vs. Authorization

Authentication refers to the process of confirming a person’s identity and ensuring that they are who they claim to be. This can be achieved through various methods, such as providing credentials, a username and password, or biometric information such as facial recognition. Authentication is vital to ensure that only authorized individuals can access certain resources and information.
Authorization is the act of granting an individual permission to access specific areas or information within an organization, or to perform specific actions on a system or application. It determines the level of privilege a person has based on their clearance level. The main purpose of authorization is to restrict access to data so that only authorized personnel can reach it, preventing potential security breaches. For example, if you have an online profile and are assigned the role of administrator, you will be authorized to modify the personal information in that profile, while other users with a lower level of access privileges will only be able to view the information you have provided.
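The profile example above (and the integrity practice of deciding who may change data) as a small worked example; this is added illustrative code, not from the post or its cited sources. The users, passwords, salt and the administrator/viewer roles are constructed, and hashlib's PBKDF2 stands in for a purpose-built password hash only to keep the example dependency-free.

```python
import hashlib
import hmac
from typing import Optional

# Salted PBKDF2-HMAC-SHA256 digest of a password. Iteration count kept low
# only so the example runs quickly; production systems use far more.
def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store: one salt per user, a password digest (never
# the password itself), and the role that authorization decisions are based on.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value
USERS = {
    "alice": {"salt": _SALT, "digest": _digest("correct horse", _SALT), "role": "administrator"},
    "bob":   {"salt": _SALT, "digest": _digest("battery staple", _SALT), "role": "viewer"},
}

# Authorization policy: the actions each role may perform on a profile.
# Restricting "modify" to administrators is the integrity control described above.
PERMISSIONS = {
    "administrator": {"view", "modify"},
    "viewer": {"view"},
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: return the username if the credentials match, else None."""
    record = USERS.get(username)
    if record is None:
        _digest(password, _SALT)  # same work for unknown users, so timing does not reveal them
        return None
    candidate = _digest(password, record["salt"])
    # Constant-time comparison of the digests.
    return username if hmac.compare_digest(candidate, record["digest"]) else None

def authorize(username: str, action: str) -> bool:
    """Authorization: True only if the user's role includes the requested action."""
    role = USERS[username]["role"]
    return action in PERMISSIONS.get(role, set())

def access_profile(username: str, password: str, action: str) -> str:
    """Authenticate first, then authorize; fail closed at each step."""
    who = authenticate(username, password)
    if who is None:
        return "denied: authentication failed"
    if not authorize(who, action):
        return f"denied: {who} is not authorized to {action}"
    return f"ok: {who} may {action} the profile"
```

Note that bob authenticates successfully but is still refused "modify": passing authentication never implies authorization.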

Conclusion

The CIA triad, consisting of confidentiality, integrity, and availability, serves as a fundamental framework for guiding information security policies within an organization. By prioritizing these three components, organizations can identify and address vulnerabilities in their network and data security, and establish policies and practices for cybersecurity professionals to adhere to. Additionally, the concepts of authentication and authorization play crucial roles in ensuring data security. Authentication confirms an individual’s identity, while authorization determines the level of access and privileges granted to authorized personnel. Together, these principles form the foundation for robust information security practices within organizations.

References:

Coursera Staff. (n.d.). What is the CIA triad? Coursera. https://www.coursera.org/articles/cia-triad

Weatherston, G. (2022b, September 29). Authentication vs authorization – what’s the difference? freeCodeCamp.org. https://www.freecodecamp.org/news/whats-the-difference-between-authentication-and-authorisation/
