The CIA Triad

At its core, the CIA triad is simply the relationship between confidentiality, integrity, and availability in the field of information security. The three aspects are linked to one another, so a change in one will result in a change to another.

To start, confidentiality is how effective a given system is at restricting the access of sensitive data to only those individuals authorized to access it. Allowing unauthorized users to access private documents would be an example of low confidentiality while restricting data on a “need to know” basis would be an example of high confidentiality. Confidentiality is responsible for ensuring data is kept secure from both internal and external threats.

Confidentiality also includes two “Big A’s”: authentication and authorization.

Authentication is how a system verifies that any given user is truly who they claim to be. The most well-known form of authentication is the common requirement of a username and password. Authentication is necessary to prevent users from pretending to be other individuals in order to gain access to critical data.

Authorization is how a system determines what data a user is allowed to access. For example, a manager may be authorized to access employee pay data, while an average employee would likely not be authorized to access said data. Authorization is important as it prevents users from accessing data that could jeopardize security.

Integrity is how effectively data is kept in its correct state and how hard it is to change said data into an improper form. Allowing any user to edit any document would be an example of low integrity while only allowing users to modify documents they have created would be an example of high integrity. Integrity is responsible for ensuring that data in a system remains accurate or in its intended form.

Availability is how easily someone can access data that they are authorized to view or edit. Forcing users to pass multiple “I am not a robot” tests would be an example of low availability while only requiring a username and password to access data would be an example of high availability. Availability is responsible for ensuring that individuals can easily access the data intended for their viewing.

All three aspects of the CIA triad are necessary for the proper function of a system: confidentiality to ensure private data is kept private, integrity to ensure data is kept in its intended state, and availability to ensure data can be properly accessed.
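The authentication, authorization, and integrity rules described above can be seen working together in a small document store. This is an added example, not part of the original post: the `DocumentStore` class, the user names, and the sample data are hypothetical, and the use of PBKDF2 for password storage and a SHA-256 digest for change detection are choices made for this sketch.

```python
import hashlib, hmac, os

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DocumentStore:
    def __init__(self):
        self.users = {}  # username -> (salt, password hash, role)
        self.docs = {}   # name -> owner, allowed roles, body, digest

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.users[name] = (salt, hash_password(password, salt), role)

    def authenticate(self, name, password):
        # Authentication: is this user who they claim to be?
        salt, stored, _ = self.users.get(name, (b"", b"", None))
        return hmac.compare_digest(stored, hash_password(password, salt))

    def put(self, owner, doc, body, roles):
        self.docs[doc] = {"owner": owner, "roles": set(roles), "body": body,
                          "digest": hashlib.sha256(body.encode()).hexdigest()}

    def read(self, name, password, doc):
        if not self.authenticate(name, password):
            raise PermissionError("authentication failed")
        # Authorization: is this user's role allowed to see this data?
        if self.users[name][2] not in self.docs[doc]["roles"]:
            raise PermissionError("not authorized")
        return self.docs[doc]["body"]

    def modify(self, name, password, doc, body):
        if not self.authenticate(name, password):
            raise PermissionError("authentication failed")
        # Integrity rule from the text: only the creator may modify.
        if self.docs[doc]["owner"] != name:
            raise PermissionError("only the owner may modify")
        self.put(name, doc, body, self.docs[doc]["roles"])

    def is_intact(self, doc):
        # Catches edits that bypass modify(), unless the digest is rewritten too.
        d = self.docs[doc]
        return hashlib.sha256(d["body"].encode()).hexdigest() == d["digest"]

def build_sample_store():
    s = DocumentStore()  # constructed sample users and data
    s.add_user("manager_ann", "ann-passphrase", "manager")
    s.add_user("employee_bob", "bob-passphrase", "employee")
    s.put("manager_ann", "pay_data", "bob: 50000", roles=["manager"])
    return s
```

Note that the employee authenticates successfully yet is still refused the pay data: passing authentication does not imply authorization.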
