CIA TRIAD: Authentication vs. Authorization

Posted by jprat004 on


The CIA triad is the base of all cybersecurity protocols and policies. It acts as the framework for
creating security systems and keeping cybersecurity ethical. CIA Triad stands for Confidentiality,
Integrity and Availability, they all do their part in keeping security systems safe and secure from
malicious outside or inside threats. Confidentiality means that all data is kept secret and secure
from anybody trying to steal data, it also makes sure that the right people can gain access to
information and that it is only accessible to the authorized users of that data. Integrity makes sure
that the data is correct and that it never gets changed or that anything gets removed from it. It
keeps data in its original state and keeps it from being altered. Availability makes sure that all of
the data can be accessed by a user and that they can get all their data that they had stored. It
makes sure that they have the accessibility and the authorization to reach their data. All three of
these work in conjunction to keep everyone’s data safe from hackers and data miners and do a
very successful job at it.
Authentication and Authorization are two similar concepts but do many different tasks.
Authentication verifies if the right user is getting the right data and makes sure that you are who
you say you are. Authentication is the first part of accessing encrypted and protected information
and in whole decides whether or not you are allowed to see or access the information. An
example of authentication would be 2 factor authentication with passwords and multifactor
authentication. Authorization is similar but different to authentication. Instead of verifying who
you are and determining whether or not you can access, it determines what you can or cannot
access.

Authorization takes place after authentication, and it asks and determines the
question of whether or not a person has access to certain information or resources.
Overall, authorization determines what you are allowed to access versus authentication
asking whether or not you are allowed to access resources. An example of authorization
would be Role-Based Access Control (RBAC). In conclusion, CIA triad has been
The foundation for cybersecurity policies and protocols for a long time and has helped
shape the world of cybersecurity very effectively with policy-makers following it every
when they make a new policy or create new systems of cybersecurity and authorization
and authentication are key parts of the CIA triad to help keep data safe and secure from
malicious intent.

Leave a Reply

Your email address will not be published. Required fields are marked *