The CIA Triad is the set of core components that guide a company's security procedures and policies. I am going to go in-depth on the three core components and explain the differences between Authentication and Authorization.
Confidentiality
The first letter in the CIA Triad stands for confidentiality. The CIA Triad has nothing to do with the intelligence agency. Confidentiality is the company's way of keeping its clients' data and its own data hidden from anyone not entitled to see it. One situation is making sure that only the right authorized user can reach a specific asset such as finance records. Being an authorized user allows you to see what others don't have access to. Confidentiality can still be violated, though, through attacks that gain unauthorized access to databases and servers in order to steal data. Another way confidentiality can be violated is through people, for example weak authentication systems and password sharing between accounts. Some ways to protect confidentiality are data classification and encryption of your data. Most important is a good training program for those who are going to hold a security clearance.
Integrity
Integrity means the quality of being whole and complete. For data, this means that what comes in and goes out has not been tampered with. Trust plays a big part in integrity, because it means the source is reliable, authentic and correct. The company Target, for example, can be a trusted source to purchase from without worrying that your information will be stolen. Banks are another trusted source: they deal with your finances, and you trust them not to tamper with your information. Some ways integrity can be compromised are altering system logs or configuration files to avoid detection. Some countermeasures include encryption, hashing, digital signatures and authentication.
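To make the hashing countermeasure concrete, the following added example (not from the original article) shows why a plain hash only catches accidental corruption, while a keyed hash (HMAC) also catches deliberate tampering by someone who cannot obtain the key. The record, the key and the field names are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample record; not from any real system.
SAMPLE_RECORD = {"account": "ACME-0001", "balance": 1500.00, "currency": "USD"}

# Constructed shared secret for the example. In practice the key lives in a key
# store or HSM, never in source code.
SAMPLE_KEY = b"example-integrity-key-not-for-production"


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so identical content always produces identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_hash(record: dict) -> str:
    """Unkeyed SHA-256. Detects accidental corruption, but anyone who can rewrite
    the record can simply recompute this value too."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA256 tag. Recomputing it requires the key, so a modified record
    cannot be re-tagged by someone who lacks it."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_tag(record: dict, tag: str, key: bytes) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(keyed_tag(record, key), tag)


def tamper_demo() -> dict:
    """Run both checks against a modified copy of the record and report the outcomes."""
    original_hash = plain_hash(SAMPLE_RECORD)
    original_tag = keyed_tag(SAMPLE_RECORD, SAMPLE_KEY)

    # Someone alters the balance but leaves the stored hash and tag untouched.
    tampered = dict(SAMPLE_RECORD, balance=9_999_999.00)
    results = {
        "plain_hash_matches": plain_hash(tampered) == original_hash,
        "hmac_matches": verify_tag(tampered, original_tag, SAMPLE_KEY),
    }

    # Now suppose the same person can also overwrite the stored check values.
    # The plain hash is "valid" again, because it needs no secret to recompute...
    recomputed_hash = plain_hash(tampered)
    results["plain_hash_after_recompute"] = plain_hash(tampered) == recomputed_hash
    # ...but without SAMPLE_KEY the best they can do is an unkeyed digest,
    # which the HMAC verification rejects.
    unkeyed_guess = hashlib.sha256(canonical_bytes(tampered)).hexdigest()
    results["unkeyed_guess_accepted"] = verify_tag(tampered, unkeyed_guess, SAMPLE_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in tamper_demo().items():
        print(f"{name}: {outcome}")
```

The example uses only the standard library. A digital signature (the other countermeasure named above) plays the same role as the HMAC but with a private/public key pair, so that verifiers do not need to hold the secret used to produce the tag.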
Availability
When you have important databases, you need to ensure that your company can reach them. Everything has to be up and running for your users to access it. Having reliable access to the systems ensures that people can get their work done in the proper amount of time. Many things can bring availability down. DDoS attacks are one example: they bring your systems down and disable access for legitimate users. Some ways to prevent this are fault tolerance, software updates, backups and DDoS protection.
Authentication v.s. Authorization
Authentication is the step that verifies that you are who you say you are. One method is a login form, where users prove their identity before accessing their information. Authorization is verifying which files and data an authenticated user is allowed to access. An example of authorization is someone who works in the finance department having access to the business's 401(k) records. This means no one except a select number of users can access that information.
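As an added example (not part of the original article), the following code separates the two steps described above: a login check that verifies a salted password hash (authentication), followed by a department-based policy check on the requested resource (authorization). The user names, passwords, departments and resource names are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example accounts. Passwords are stored only as salted PBKDF2 hashes.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def _make_user(password: str, department: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "department": department}


USERS = {
    "alice": _make_user("correct horse battery staple", "finance"),
    "bob": _make_user("bob-sample-password", "sales"),
}

# Authorization policy: which departments may read which resource (constructed).
RESOURCE_POLICY = {
    "401k_records": {"finance"},
    "sales_pipeline": {"sales", "finance"},
}


def authenticate(username: str, password: str) -> Optional[dict]:
    """Authentication: return an identity if the credentials are correct, else None."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown users so response time does not
        # reveal which user names exist.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, user["salt"])
    if hmac.compare_digest(candidate, user["hash"]):
        return {"username": username, "department": user["department"]}
    return None


def authorize(identity: dict, resource: str) -> bool:
    """Authorization: may this already-verified identity access the resource?"""
    allowed_departments = RESOURCE_POLICY.get(resource, set())  # unknown resource: nobody
    return identity["department"] in allowed_departments


def access(username: str, password: str, resource: str) -> str:
    """Full flow: authentication first, then authorization, with distinct outcomes."""
    identity = authenticate(username, password)
    if identity is None:
        return "denied: authentication failed"
    if not authorize(identity, resource):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "401k_records"))  # finance user
    print(access("bob", "bob-sample-password", "401k_records"))            # wrong department
    print(access("alice", "wrong password", "401k_records"))               # bad credentials
```

Note that Bob's request for the 401(k) records fails even though he logged in correctly: authentication succeeded, authorization did not. The two checks are deliberately kept in separate functions so that a policy change (who may see what) never touches the credential-checking code.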