BLUF: In this article we discuss the differences between authorization and authentication along with the CIA Triad. The CIA Triad is crucial within information security, and both authorization and authentication are important factors that correlate with the CIA Triad.
CIA (AIC) Triad
The CIA Triad is an acronym that stands for confidentiality, integrity and availability. It is also described as the AIC Triad to avoid confusion with other organizations. The CIA Triad is a model that guides organizations' policies and books to ensure information is safe and secure. The “C” stands for confidentiality: the measures designed to prevent unauthorized access to sensitive information. The “I” stands for integrity, which maintains the data’s accuracy and consistency. The “A” stands for availability: the principle that ensures the data is readily available to access (Chai, 2022). All three principles work together to ensure information is kept secure within an organization's system.
Confidentiality, Integrity and Availability
Confidentiality, integrity and availability make up the CIA Triad, but what exactly do they entail? Confidentiality is the act of protecting data and systems. Organizations train workers and staff to assess risks and teach ways and processes by which they can mitigate them. This can be done by using strong passwords or authentication methods (described later in the paper). Integrity includes, but is not limited to, controlling what users can do with their access. For example, controlling who can change settings and data within the system falls under the integrity principle. Availability means making sure data is readily available. This principle includes performing hardware repairs, ensuring the OS is updated and free of malware, and keeping technology updated as a whole (Chai, 2022). It also ensures that if an attack or disaster occurs, there are safety nets in place to protect the data.
Authentication
Authentication is the process of verifying a user (SailPoint, 2023). When individuals attempt to enter systems or buildings in a professional setting, authentication is often used. It takes many forms, such as facial recognition, physical identification badges, passwords, biometrics, etc. The way an organization asks you to prove who you are may vary. A common example of authentication is two-factor authentication. Though it may be a headache at times, it adds an extra step of security for data, accounts and many other systems. This makes it harder for any perpetrators to gain access to data and accounts even if they have a user’s password.
Authorization
Authorization takes place after authentication. It is the process of verifying what individuals have access to once they are authenticated (SailPoint, 2023). Once users are authenticated, depending on who they are and how high their position is within the organization, they may have access to more data and systems than someone else. Authorization is often controlled entirely by higher-ups, and authenticated users cannot change settings or anything else related to what they can access. For example, the boss would have access to almost everything in the system, whereas someone who just joined the team would have access to a very small portion of it. It is often thought of in terms of tiers. The longer someone has worked with a company, the more experience they have and the more they are trusted with access to more important data.
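The following added example (not part of the original article) shows the order described in the Authentication and Authorization sections: a request is first authenticated with a password plus a second factor, and only then authorized against an access tier. The user names, passwords, tiers and resources are constructed sample data, and time-based one-time passwords (RFC 6238) are assumed as the second factor, since the article does not name one.

```python
import hashlib
import hmac
import struct

def hash_password(password, salt):
    # Slow, salted hash so a stolen credential store is costly to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret, at, step=30, digits=6):
    # RFC 6238 one-time password: HMAC-SHA1 over the 30-second time counter.
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_user(password, salt, totp_secret, tier):
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "tier": tier}

# Constructed sample data. Tiers are assigned by an administrator;
# nothing below lets a user change their own tier.
USERS = {
    "boss": make_user("correct horse battery", b"salt-boss-000001",
                      b"12345678901234567890", 3),
    "newhire": make_user("first-day-passphrase", b"salt-newhire-001",
                         b"09876543210987654321", 1),
}
RESOURCES = {"payroll": 3, "team-wiki": 1}  # minimum tier required

def authenticate(username, password, code, now):
    # Who are you? Both factors must match; the password alone is not enough.
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    expected = totp(user["totp_secret"], now)
    return pw_ok and hmac.compare_digest(code.encode(), expected.encode())

def authorize(username, resource):
    # What may you access? Unknown resources are denied by default.
    return USERS[username]["tier"] >= RESOURCES.get(resource, float("inf"))

def request_access(username, password, code, resource, now):
    if not authenticate(username, password, code, now):
        return "denied: authentication failed"
    if not authorize(username, resource):
        return "denied: not authorized"
    return "granted"
```

A production verifier would also rate-limit attempts and tolerate small clock differences between the server and the user's device.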
Conclusion
In conclusion, the CIA (AIC) Triad is used to guide the books and policies of organizations to ensure data and information are secure. Availability, integrity and confidentiality are considered three important principles; therefore, they are the focus of the CIA Triad. Without the CIA Triad, organizations would have to develop their own books and policies to ensure the safety of their data; the CIA Triad does this for them and is used as a universal guidebook. Authorization and authentication are two processes that coincide with each other, with authentication coming first. Authentication is the process of identifying the user and ensuring they are correctly identified, while authorization is the process of verifying what those users have access to. These processes ensure that the data is safe and is accessed only by those with the correct permissions to do so.