The CIA triad describes the fundamental principles of cybersecurity: confidentiality, integrity, and availability.
Authentication validates a user's identity; authorization approves or denies a request to
access particular data.
The CIA Triad
The CIA triad can be broken down into three sides: confidentiality, integrity, and
availability. Confidentiality is about keeping private data and documents from being read by anyone
who is not permitted to see them. It is maintained through proper employee training, password
requirements and minimum lengths, and two-factor authentication. Integrity means that data stays
accurate and complete, and that it is not altered or deleted by anyone who is not permitted to change
it. User permissions and access controls on files help enforce integrity by locking files down so that
unauthorized users cannot modify or delete important data and documents. Availability is "best
ensured by rigorously maintaining all hardware" (What is the CIA Triad). This includes proper upkeep
of the operating system and the surrounding environment, repairing failed hardware promptly, and
staying up to date with new technology and with security and safety practices. The triad is easiest
to apply to small, well-defined sets of data. It is harder to apply to big data, because the sheer
volume of data is difficult to keep secure. This is a problem for large businesses such as Amazon or
Meta, and equally for the government and military: all of them are trying to store their data
securely and keep it away from breaches.
Authentication vs. Authorization
Authentication is validating a user's identity before allowing access to a network or
system. It can be done in many different ways: basic (password) authentication, two-factor
authentication, mobile authentication, and silent network authentication. Authorization approves or
denies a request to access certain data once the user has been authenticated. "Google Docs is a good
example because once the owner finishes the document, they have to decide who can view the
document without giving them complete unrestricted access." (Twilio) The two most common types of
authorization are role-based access control and attribute-based access control. Role-based access
control (RBAC) grants access to different tiers of information according to the role assigned to the
user. Attribute-based access control (ABAC) grants access based on attributes of the user and of the
resource being requested. (Twilio) These attributes can range from a person's security clearance
level to the level of access the file's owner has chosen to give that user (viewer vs.
editor).
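The two steps described above, worked through in code as an added example (this is not code from the original paper or from Twilio): a user first proves who they are with a password plus a time-based one-time code as the second factor, and only then is each request checked against an RBAC policy or an ABAC policy. The user store, the clearance scale, the document sharing model and the sample users are all constructed for the example.

```python
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional

# ---------- Authentication: prove WHO is asking ----------

PBKDF2_ITERATIONS = 200_000  # assumption: tune to your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: what a user store holds instead of the plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1 over the 30-second counter)."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


# Constructed user store for the demo. Salts and hashes are computed here for
# convenience; a real store holds only the salt and hash, never the password.
_SALT = bytes(range(16))
USERS = {
    "alice": {"salt": _SALT, "pw_hash": hash_password("correct horse battery staple", _SALT),
              "totp_secret": b"12345678901234567890", "clearance": 3},
    "bob": {"salt": _SALT, "pw_hash": hash_password("hunter2", _SALT),
            "totp_secret": b"abcdefghijklmnopqrst", "clearance": 1},
}


def authenticate(username: str, password: str, otp: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username when BOTH factors check out, otherwise None."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        hash_password(password, _SALT)  # spend the same time for unknown users (limits enumeration)
        return None
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return None
    # accept the current 30-second window plus one either side to absorb clock drift
    if not any(hmac.compare_digest(otp, totp(user["totp_secret"], now + d)) for d in (-30, 0, 30)):
        return None
    return username


# ---------- Authorization: decide WHAT an authenticated identity may do ----------

# RBAC: a role maps to a fixed permission set, regardless of which document is involved.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "owner": {"read", "write", "share", "delete"},
}


def rbac_allows(role: str, action: str) -> bool:
    return action in ROLE_PERMISSIONS.get(role, set())


@dataclass
class Document:
    owner: str
    classification: int  # constructed scale: 1 = internal ... 3 = restricted
    shares: dict         # grants chosen by the owner, e.g. {"bob": "editor"}


def abac_allows(username: str, doc: Document, action: str) -> bool:
    """ABAC: combine subject attributes (clearance), object attributes (classification,
    owner, per-user grant) and the action, instead of a single global role label."""
    user = USERS.get(username)
    if user is None or user["clearance"] < doc.classification:
        return False                      # subject attribute must dominate object attribute
    if doc.owner == username:
        return True                       # the owner attribute grants every action
    grant = doc.shares.get(username)      # "viewer" or "editor", as set by the owner
    if action == "read":
        return grant in ("viewer", "editor")
    if action == "write":
        return grant == "editor"
    return False                          # share/delete stay with the owner
```

The two policies answer different questions: `rbac_allows` only needs the caller's role, while `abac_allows` needs the user's clearance, the document's classification and the grant its owner chose, which is exactly the Google Docs viewer-versus-editor situation. Note that authorization is never run on a username the caller typed in; it runs on the name `authenticate` returned.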
Conclusion
The CIA triad is pivotal in planning cybersecurity measures within organizations. It gives a
framework that covers confidentiality, integrity, and availability together, so that no area of
security is left with holes. Authentication admits users to a system by validating their identity;
authorization then approves or denies each request to access data based on the user's role or attributes.
References
Twilio. (2023, February 22). Authentication vs. authorization: What's the difference? Twilio
Blog. https://www.twilio.com/blog/authentication-vs-authorization
TechTarget. (n.d.). What is the CIA triad? Definition, explanation, examples [PDF]. Google Docs.
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view