The CIA Triad is a trio of elements that make up the most crucial and foundational needs in cybersecurity. Confidentiality, Integrity, and Availability are the three elements that make up the triad. The purpose of the CIA Triad is to incorporate these three principles within an organization in order to guide the development of its security policies. Confidentiality is a set of rules that limit access to sensitive information. Integrity is the assurance that the data presented is trustworthy and accurate. Availability is the assurance that authorized individuals have reliable access to information when they need it. The CIA Triad is also sometimes referred to as the AIC Triad to avoid confusion with the Central Intelligence Agency.
Confidentiality can be viewed in much the same light as privacy. The concept is designed to prevent sensitive and concealed information from getting into the hands of unauthorized individuals. Organizations typically define multiple levels of confidentiality, categorized on a scale of the potential damage that could be done if the information fell into unauthorized hands. Individuals who are allowed access to these sensitive documents are specially trained to recognize the risk factors that could occur and how to guard against them. Having a strong password is just one of the many ways to support confidentiality. An example of confidentiality in everyday life would be the username and password for an individual's investment account in an app such as "Robinhood".
Integrity is a concept that involves maintaining the accuracy, consistency, and trustworthiness of data over its entire lifecycle. Steps are taken to make sure that data cannot be changed or altered by any unauthorized individual. It is important that data stays consistent and reliable in an organization. Many organizations use what is known as a "version control system", which is designed to track and retain information about changes to data. It is imperative that an organization incorporates a form of version control to recover from accidental deletions or inaccurate changes made by authorized individuals. There can also be events not caused by humans that can potentially change data, such as server crashes or an electromagnetic pulse.
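As an added example (not from the original article or the sources it cites), the following Python sketch shows the two integrity ideas from the paragraph above working together: a keyed hash (HMAC-SHA256) that detects any change to stored data that did not go through the proper path, and a minimal version history that keeps every authorized change so an accidental or corrupting change can be rolled back. The key, the record contents and the author names are constructed for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed key for this example only; a real deployment loads it from a secrets store.
INTEGRITY_KEY = b"example-integrity-key-not-for-production"


def tag(data: bytes, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed hash over the data. Anyone can change bytes; only a key holder can recompute the tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


@dataclass
class Version:
    number: int
    author: str
    content: bytes
    tag: str


@dataclass
class VersionedRecord:
    """Minimal version history: every authorized change appends a new tagged version."""
    versions: List[Version] = field(default_factory=list)

    def commit(self, author: str, content: bytes) -> Version:
        v = Version(len(self.versions) + 1, author, content, tag(content))
        self.versions.append(v)
        return v

    @property
    def current(self) -> Version:
        return self.versions[-1]

    def verify(self, v: Version) -> bool:
        """True when the stored content still matches its tag (constant-time comparison)."""
        return hmac.compare_digest(tag(v.content), v.tag)

    def last_good(self) -> Optional[Version]:
        """Newest version whose content still verifies, or None if every version is damaged."""
        for v in reversed(self.versions):
            if self.verify(v):
                return v
        return None

    def rollback(self) -> Version:
        """Restore the newest verified version as a fresh commit; the damaged one stays in history."""
        good = self.last_good()
        if good is None:
            raise ValueError("no version passes the integrity check")
        return self.commit("system-rollback", good.content)


def demo() -> dict:
    rec = VersionedRecord()
    rec.commit("alice", b"balance=100")
    rec.commit("bob", b"balance=90")          # legitimate change, recorded with its tag
    before = rec.verify(rec.current)
    # Simulate bit-rot or an edit that bypassed commit(): the content changes, the tag does not.
    rec.current.content = b"balance=9000"
    after = rec.verify(rec.current)
    restored = rec.rollback()                 # falls back to the last version that still verifies
    return {
        "before": before,                     # True: untouched data verifies
        "after": after,                       # False: the out-of-band change is detected
        "restored": restored.content,         # b"balance=100"
        "history_length": len(rec.versions),  # 3: nothing is silently overwritten
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping the damaged version in the history rather than deleting it is that the audit trail itself is part of integrity: you can see that something went wrong, when, and what the data looked like before and after.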
Availability means that the information provided by an organization should be consistently and readily accessible to authorized individuals. This includes the proper maintenance of the hardware and technical infrastructure that holds and serves the data. Availability also involves maintaining a properly functioning operating system in an environment that is free of software faults and conflicts. It is also important to communicate and stay up to date regarding new system upgrades. Communication is key for a company or organization to thrive and to keep information available to authorized parties.
There are some key differences between authentication and authorization. Authentication means verifying that a person holds the necessary credentials to be allowed access to a computer, network, or application. A commonly used method of authentication is a username and password. Authorization means specifying the valid actions a user can take on certain resources. For example, a chief architect and a project manager will have different access to resources, with different restrictions on what each position is allowed to do.
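To make the distinction concrete, here is an added Python example (not from the original article or its sources) that separates the two steps: authenticate() checks a username and password against salted PBKDF2 hashes and returns who the caller is, and authorize() checks whether that identity's role permits a given action on a resource. The user names, passwords, roles and the permission table are constructed for the example; the "chief architect" and "project manager" roles come from the paragraph above.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the stored form never reveals the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def make_user(role: str, password: str) -> dict:
    salt, digest = hash_password(password)
    return {"role": role, "salt": salt, "hash": digest}


# Constructed user directory: two people from the paragraph above, with example passwords.
USERS = {
    "carol": make_user("chief_architect", "arch-pass-1"),
    "dave": make_user("project_manager", "pm-pass-2"),
}

# Constructed permission table: (resource, action) pairs each role may perform.
PERMISSIONS = {
    "chief_architect": {("design_doc", "read"), ("design_doc", "write"), ("schedule", "read")},
    "project_manager": {("design_doc", "read"), ("schedule", "read"), ("schedule", "write")},
}


def authenticate(username: str, password: str) -> Optional[dict]:
    """Authentication: who is this? Returns a principal on success, None otherwise."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for unknown users so timing does not reveal valid usernames.
        hash_password(password, b"\x00" * 16)
        return None
    _, digest = hash_password(password, user["salt"])
    if not hmac.compare_digest(digest, user["hash"]):
        return None
    return {"username": username, "role": user["role"]}


def authorize(principal: Optional[dict], resource: str, action: str) -> bool:
    """Authorization: may this already-identified principal do this? Deny by default."""
    if principal is None:
        return False
    return (resource, action) in PERMISSIONS.get(principal["role"], set())


def request(username: str, password: str, resource: str, action: str) -> str:
    """Runs both checks in order and reports the outcome using HTTP-style status words."""
    principal = authenticate(username, password)
    if principal is None:
        return "401 unauthenticated"          # credentials failed: we do not know who this is
    if not authorize(principal, resource, action):
        return "403 forbidden"                # identity is known, but the role does not allow this
    return "200 ok"


if __name__ == "__main__":
    print(request("carol", "wrong-password", "design_doc", "read"))   # 401 unauthenticated
    print(request("carol", "arch-pass-1", "design_doc", "write"))     # 200 ok
    print(request("dave", "pm-pass-2", "design_doc", "write"))        # 403 forbidden
    print(request("dave", "pm-pass-2", "schedule", "write"))          # 200 ok
```

The two failure codes are the whole lesson: a 401 means authentication failed (the system could not establish who you are), while a 403 means authentication succeeded but authorization did not (the system knows who you are and that your role does not permit the action).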
https://www.fortinet.com/resources/cyberglossary/cia-triad
https://blog.plainid.com/authentication-vs-authorization-understanding-the-differences