Joemar Zayas Duran (UIN 01157876)
CYSE 200T (CRN 16378)
September 13, 2024
The CIA triad provides what is needed to maintain information protection as well as server reliability. Confidentiality, Integrity, and Availability are the pillars of the triad as well as the pillars of cybersecurity. To maintain these pillars, authentication and authorization are used to control access.
Confidentiality
Confidentiality describes the ability to restrict access to information so that only authorized users can access it. For example, not all members of an organization need access to admin command tools or to cyber threat reports; this information should be restricted to just the IT/Cybersecurity department administrators. Confidentiality also includes keeping viewers from outside of the organization from accessing organizational information; this can be achieved through encryption (GeeksforGeeks, 2023).
Integrity
Integrity describes messages or information that have not been altered. There are different methods of spotting alteration, though common ones for messages and information are hashing and digital signatures. With hashing, a hash of the document is produced when it is created and sent; the recipient then runs their hash algorithm on the document they received and compares the result with the hash provided, and any difference signifies an alteration. Digital signatures can accomplish a similar goal. Usually digital signatures require digital certificates and sometimes even a physical badge/ID, which when used together provide the authentication needed to digitally sign. Some digital signatures are automatically removed when alterations are forced onto an already signed document. Without a signature, the organization can spot the lack of authentication (Messer Studios, 2020).
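The hash comparison described above, as an added Python example that is not part of the original essay. It also shows why a bare hash only helps when the hash itself arrives intact: HMAC with a shared key stands in here for a digital signature (the standard library has no certificate-based signing), and the key, document and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key stands in for a signer's credential.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
DOCUMENT = b"Quarterly threat report: 3 phishing campaigns blocked."


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 fingerprint of the document."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag; only a key holder can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def send(data: bytes, key: bytes) -> dict:
    """Sender side: ship the document with its hash and its keyed tag."""
    return {"body": data, "sha256": digest(data), "hmac": tag(data, key)}


def verify(message: dict, key: bytes) -> dict:
    """Recipient side: recompute both values and compare in constant time."""
    body = message["body"]
    return {
        "hash_ok": hmac.compare_digest(digest(body), message["sha256"]),
        "tag_ok": hmac.compare_digest(tag(body, key), message["hmac"]),
    }


def alter_in_transit(message: dict, new_body: bytes, fix_hash: bool) -> dict:
    """Model a change made between sender and recipient by a party without the key."""
    changed = dict(message, body=new_body)
    if fix_hash:
        # Anyone can recompute an unkeyed hash over the altered body.
        changed["sha256"] = digest(new_body)
    return changed


if __name__ == "__main__":
    original = send(DOCUMENT, SHARED_KEY)
    altered_body = DOCUMENT.replace(b"3", b"0")
    print("untouched:        ", verify(original, SHARED_KEY))
    print("body changed:     ", verify(alter_in_transit(original, altered_body, False), SHARED_KEY))
    print("body+hash changed:", verify(alter_in_transit(original, altered_body, True), SHARED_KEY))
```

In the last case the unkeyed hash matches the altered body while the keyed tag does not, which is the gap that signatures and certificates close.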
Availability
Availability simply describes the ability to access information whenever needed. This aspect can also assist in confidentiality and integrity when encryption services and authentication services are kept on separate servers. Having good availability includes the use of backup servers, power supplies, data banks, firewalls, switches, routers, and more. All these redundancies within the network help build tolerance against cyber attacks as well as natural disasters. Negligence in protecting availability can lead to anything from authentication errors, caused by authentication services being overwhelmed or shut down, to simply not having access to data files for a variety of reasons (Messer Studios, 2020).
Authentication and Authorization
Authentication determines the identity of the user (“Member of organization?”), while authorization determines the level of access (“Admin? Management? Department of ___?”, “Read only? Read and Write? Read, Write, Execute?”). Confidentiality depends on an always-available authentication database to ensure that those accessing information are authorized for that information (“Is the individual part of this organization? Does this user have the permissions necessary for this specific information?”) (Auth0, n.d.). Integrity similarly relies on databases that identify users to determine the authenticity of the signatures/certificates used.
Conclusion
Good confidentiality protects information from unauthorized access, while integrity ensures that the accessed information is not altered without authorization. Availability describes accessibility of the information without interruptions, which is usually achieved through redundancies in cybersecurity policy as well as backup systems.
References
Auth0. (n.d.). Authentication vs. authorization. Auth0 Docs.
GeeksforGeeks. (2023, March 13). CIA Triad. GeeksforGeeks.
Messer Studios. (2020, November 22). Confidentiality, integrity, availability, and safety – CompTIA Security+ SY0-401: 2.9. Professor Messer IT Certification Training Courses. https://www.professormesser.com/security-plus/sy0-401/confidentiality-integrity-availability-and-safety/