The CIA triad is instrumental in the creation of organizational security policies, large or small. The resulting security policy helps an organization prevent, counter, and recover from data compromise. Authentication and authorization are the controls that put the model into practice, protecting the organization by verifying who a user is and filtering which permissions are available to them.
The CIA Triad
Confidentiality, integrity, and availability (CIA) of information are crucial to a successful information security implementation. The CIA triad provides an effective and comprehensive foundation for any organizational security policy: confidentiality ensures information is limited to those who should have it, integrity ensures the information is free from unauthorized or accidental modification, and availability ensures it can be reached when needed. Challenges such as the large volume of data to consider, or the many formats and locations in which that data exists, should not deter an organization from taking adequate steps to safeguard it; if anything, they amplify the need to apply the CIA model.
Authentication & Authorization
Although authentication and authorization go hand in hand, they serve different purposes. Authenticating is the act of verifying a user's claimed identity, whereas authorizing determines what that user is permitted to access or do. Authorization depends on authentication: to authorize a user, the system must first establish who they are before it can look up what they are allowed to do, and an unauthenticated request should receive no permissions at all. Applied to every user, these two controls support confidentiality (only the right people can read data), integrity (only the right people can change it), and availability (unauthorized users cannot delete or disrupt what others depend on). An example is the use of a company-owned computer. Each employee account has permissions set according to the employee's role. To use those permissions, the employee must first log into the organization's computer, which authenticates their identity. Once logged in, the system authorizes them to perform only the specific activities their assigned role permits.
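The authenticate-then-authorize flow described above, as an added worked example in Python (this is not code from the original article or from either cited source). The user directory, the role-to-permission map, and the usernames and passwords are constructed for illustration; passwords are stored only as salted PBKDF2 hashes, and the authorization step refuses any caller that has not first been authenticated.

```python
"""Authenticate first, then authorize: a minimal role-based example.

Added example, not code from the original article. The users, roles and
permissions below are constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Constructed (hypothetical) role -> permission map: what each role may do.
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "report:delete", "user:manage"},
}

PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived key). Only these are stored, never the plaintext."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    roles: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class Principal:
    """Result of a successful authentication: who the caller is and which roles they hold."""
    username: str
    roles: FrozenSet[str]


def build_directory() -> Dict[str, User]:
    """Constructed user directory (hypothetical accounts) for the demo."""
    directory: Dict[str, User] = {}
    for name, password, roles in [
        ("alice", "correct horse battery staple", {"analyst"}),
        ("bob", "hunter2-but-longer", {"editor"}),
    ]:
        salt, key = hash_password(password)
        directory[name] = User(name, salt, key, set(roles))
    return directory


def authenticate(directory: Dict[str, User], username: str, password: str) -> Optional[Principal]:
    """Authentication: verify the claimed identity. Returns a Principal, or None on failure."""
    user = directory.get(username)
    # Run the KDF even for unknown users so response time does not reveal valid usernames.
    salt = user.salt if user else b"\x00" * 16
    _, candidate = hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, user.password_hash):
        return None
    return Principal(user.username, frozenset(user.roles))


def authorize(principal: Optional[Principal], permission: str) -> bool:
    """Authorization: decide whether an already-authenticated principal may do this.

    An unauthenticated caller (None) is never authorized, so authentication
    must always come first.
    """
    if principal is None:
        return False
    granted: Set[str] = set()
    for role in principal.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return permission in granted


def access_report(directory: Dict[str, User], username: str, password: str, action: str) -> str:
    """Full flow for one request: authenticate, then authorize the requested action."""
    principal = authenticate(directory, username, password)
    if principal is None:
        return "denied: authentication failed"
    if not authorize(principal, f"report:{action}"):
        return f"denied: {username} is not authorized to {action}"
    return f"ok: {username} may {action}"


if __name__ == "__main__":
    users = build_directory()
    for who, pw, act in [("alice", "correct horse battery staple", "read"),
                         ("alice", "correct horse battery staple", "write"),
                         ("alice", "wrong password", "read"),
                         ("bob", "hunter2-but-longer", "write")]:
        print(f"{who} {act}: {access_report(users, who, pw, act)}")
```

Note that a wrong password and an unknown username produce the same "authentication failed" answer and take the same amount of time, and that an authenticated analyst is still refused a write: the two checks answer different questions, and the second is only asked once the first has passed.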
Conclusion
Confidentiality, integrity, and availability of information dictate the overall structure of any quality security policy. With these three pillars in mind, any proposed control can be evaluated by how well it serves one or more of them. Authentication and authorization touch all three: they keep unauthorized users from reading restricted data (confidentiality), tampering with it (integrity), or destroying data and assets that others depend on (availability).
References
Authentication vs. authorization. Auth0 Docs. (n.d.). Retrieved January 28, 2023, from https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization
Chai, W. (2022, June 28). What is the CIA triad? Definition, explanation, examples. TechTarget WhatIs.com. Retrieved January 28, 2023, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA