BLUF: I will discuss the CIA Triad and the difference between Authentication and
Authorization.
CIA Triad
According to Wesley Chai’s article, the CIA triad, which stands for Confidentiality,
Integrity and Availability, is a framework used in information security to maintain
security and is crucial in cybersecurity. CIA is sometimes also called the AIC triad to avoid
confusion with the Central Intelligence Agency. Confidentiality means not sharing your
information with unwanted people. Integrity means making sure information is consistent,
accurate and trustworthy. Finally, availability means information should
always be accessible to people who are authorized to access it.
Examples
An example of good confidentiality (according to Wesley Chai’s article) is using two-factor
authentication alongside usernames and passwords. This ensures that even if someone has
your information, they still might not be able to access it, because they would also need
your email, phone number or even your hand. An example of integrity (according to Wesley
Chai’s article) is using checksums to see if a file has been tampered with. Having logs
for checking logins, messages, and everyone who’s viewed a file is also important in
checking integrity. An example of good availability is having a service available at most
times in the day. For example, most social media is up every hour of most days, and when
it’s not, it is usually back up later in the day. Social media usually has extremely good availability.
Authentication vs. Authorization
“Authentication is the act of validating that users are whom they claim to be.”
(Authentication Vs. Authorization | Okta, n.d.) Authorization, by contrast, is “the process of giving
the user permission to access a specific resource or function.” (Authentication Vs.
Authorization | Okta, n.d.) It is important to highlight the difference between them, as they are
very similar terms but are different, and knowing the difference is important in the
cybersecurity field.
Conclusion
In conclusion, the CIA triad and its points are important to know in the cybersecurity
field to maintain a secure environment. The difference between authentication and authorization,
while small, can have a big impact, so it’s important to know that too. Knowing all
these things is key in this field, so make sure to use all these points when maintaining and
managing security risks.
References
Shea, S. (2022, August 11). What is data security? The ultimate guide. Search Security.
https://www.techtarget.com/searchsecurity/Data-security-guide-Everything-you-need-to-know
Authentication vs. Authorization | Okta. (n.d.). Okta, Inc.
https://www.okta.com/identity-101/authentication-vs-authorization/#:~:text=Authentication%20confirms%20that%20users%20are%20who%20they,world%20of%20identity%20and%20access%20management%20(IAM).