The main difference between authentication and authorization is that authentication is establishing identity to access data. When a user goes through an authentication process they usually have to end up typing in a password ,or going through other prompts (usually biometrics, security tokens, or even cryptographic keys). Whereas authorization is the certain privileges that the account holder already has. You can have a password to prove your identity ,however, when it comes to authorization the account has to be built with a certain authorization. Authorization deals with confidentiality because you have to be an authorized user in order to make changes or view the information you are authorized to see. The information has to be readily available for authorized users at all times. An example of an authentication attempt is when you are trying to log onto your computer and you have to log in using your password. An example of an authorization attempt is when you log into your bank account (after authentication) you see your account and can download different statements etc. When we are evaluating the CIA Triad we see the type of ways organizations make policies and guidelines to make cyber policies. They have three distinct steps: confidentiality, integrity and availability (What is the CIA Triad? Definition, Explanation and Examples, n.d.). Confidentiality is only when only authorized users and processes can modify data. Integrity is when data is maintained in a state where nobody can modify the information by accident or dishonest purposes. The final part of the triad is the availability portion. This is when only users that are authorized can access data at any time they need it.