Jose Gonzalez
September 18, 2022
The CIA Triad
BLUF
The CIA triad is a security model built on three fundamental principles: confidentiality, integrity, and availability. All three of these principles must be followed to achieve a good and effective security system.
What is Confidentiality?
Confidentiality is one of the three concepts of the CIA triad. Confidentiality is the principle of privacy. It is designed to prevent unauthorized people from getting important information from a system. The only people who should be getting vital information are authorized users. Companies do not want unwanted people to get private information, so they need a strong confidentiality system to prevent this. Building on the confidentiality concept is important to a company and its security system.
What is Integrity?
Integrity is another one of the three concepts of the CIA triad. Integrity deals with the trustworthiness of data. A company cannot afford to have its data tampered with or altered. A breach of confidentiality could be detrimental to a company and its security system. If the confidentiality concept fails in a company, it can affect the integrity concept as well. Once an attacker breaks through and gets vital information, they can begin to alter the data, which then causes the data to be inconsistent and untrustworthy. If a company has a strong integrity system, it can cause the company’s reputation to rise.
What is Availability?
Availability is the last concept in the CIA triad. This concept deals with keeping information easily accessible to authorized users. It should not be too hard for an authorized user to look at the information or data that they are searching for. This concept includes the maintenance of the things that hold information. Availability is not easy to maintain because there are many things that can jeopardize it. These include, but are not limited to, natural disasters, power failure, and human error. If authorized users cannot easily access information, it can negatively affect the company and its workers or customers.
Authentication vs. Authorization
Authentication and authorization sometimes get confused. Authentication is the process of verifying that a user is who they say they are. Authorization is the amount of access a user gets once they are verified, or authenticated. Authentication uses things like passwords and usernames to verify your identity. Once a username and password are verified, the system checks the database to see if the user exists. If the user does exist, then the system will authorize them accordingly. Authorization is about the level of access, or permission, one has. People mix up these two words and definitions all the time. A good example would be a person trying to log in to their social media account. They are prompted with username and password text boxes. This is the authentication part of the process. Once the database can see that the user exists and it verifies the user, then the user will receive a level of access to the account they are logged in to. From there they can see and do whatever the system gives them access to. To conclude, authentication verifies the user's identity and authorization is how much one can do or see once in the system.
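The login flow described above, as an added example that is not part of the original essay: authentication checks the password against a stored salted hash, and authorization is a separate lookup of what the verified user's role permits. The user names, passphrases, roles, permission names and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this example)

# Authorization data: what each role may do (hypothetical roles and permissions).
ROLE_PERMISSIONS = {
    "member": {"read_post", "write_own_post"},
    "moderator": {"read_post", "write_own_post", "delete_any_post"},
}
USERS = {}  # username -> {"salt", "hash", "role"}; stands in for the user database


def _hash(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash, never the password itself (confidentiality).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username: str, password: str, role: str) -> None:
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _hash(password, salt), "role": role}


def authenticate(username: str, password: str):
    """Authentication: is this really the user? Returns the username or None."""
    record = USERS.get(username)
    if record is None:
        _hash(password, b"\x00" * 16)  # do the same work for unknown users
        return None
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(_hash(password, record["salt"]), record["hash"]):
        return username
    return None


def authorize(username, permission: str) -> bool:
    """Authorization: may this already-authenticated user perform this action?"""
    if username is None or username not in USERS:
        return False  # never authorize an unauthenticated identity
    return permission in ROLE_PERMISSIONS.get(USERS[username]["role"], set())


# Constructed sample accounts.
register("alice", "correct horse battery staple", "member")
register("bob", "another-sample-passphrase", "moderator")
```

A user can pass authentication and still be refused an action: `alice` logs in successfully but is not authorized for `delete_any_post`, while `bob` is.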
Conclusion
The CIA triad is important to a company’s security system. It allows workers and users to get their jobs done without risk. Companies must follow the triad to lower security risks and prevent possible failure. A company cannot survive with a weak CIA triad, so having a strong one is very important to a company.