CIA Triad Write-up

CIA Triad 

The CIA triad is a model in information security that plays a significant role in guiding an organization's policies and efforts to keep information secure. According to Ben Miller, Vice President of Dragos, the CIA triad model has developed over time. The acronym stands for confidentiality, integrity, and availability, which are the main components of the model. The three elements also demonstrate the importance of the CIA triad, since they assist in the development of security policies.

Confidentiality entails keeping information private so that only authorized users are able to access it. Integrity involves maintaining data in a condition that does not allow changes by unauthorized users, and so helps maintain the accuracy of the information. Availability means that the data should be accessible at any time the authorized user requires it (Fruhlinger, 2020). To illustrate the CIA model in practice, consider the operation of a bank ATM. First, it provides confidentiality, since to access the information the user must enter a PIN and present a card, which constitute two factors of authentication. Second, the ATM enforces data integrity by ensuring that transactions are reflected in the user's account. Finally, the ATM makes it possible to conduct transactions at any time, which satisfies the principle of availability.

Confidentiality encompasses authentication and authorization. The difference between the two is that authentication entails verifying the user's identity through credentials such as a username, password, or ID. Authorization, on the other hand, enables a person to have full access to the information. Through authentication, the system is able to identify who the user is. However, having identified the user, the system does not grant them access to all information. It is through authorization that the system determines which users have been granted access to certain information.
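The two checks described above, sketched as an added example that reuses the ATM illustration (it is not part of the original write-up). The card numbers, PINs, account names, and permission table are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data: card -> (salt, PIN hash, customer id)
_SALT_A, _SALT_B = os.urandom(16), os.urandom(16)
CARDS = {
    "card-1001": (_SALT_A, hash_pin("4821", _SALT_A), "alice"),
    "card-1002": (_SALT_B, hash_pin("7390", _SALT_B), "bob"),
}
# Constructed sample policy: customer -> account -> permitted actions
PERMISSIONS = {
    "alice": {"acct-A": {"balance", "withdraw"}, "acct-joint": {"balance"}},
    "bob": {"acct-B": {"balance", "withdraw"},
            "acct-joint": {"balance", "withdraw"}},
}

def authenticate(card: str, pin: str):
    """Authentication: who is this? Returns a customer id or None."""
    record = CARDS.get(card)
    if record is None:
        return None
    salt, stored, customer = record
    # Constant-time comparison avoids leaking how much of the hash matched.
    if hmac.compare_digest(hash_pin(pin, salt), stored):
        return customer
    return None

def authorize(customer: str, account: str, action: str) -> bool:
    """Authorization: may this identified user do this to this account?"""
    return action in PERMISSIONS.get(customer, {}).get(account, set())

def atm_request(card: str, pin: str, account: str, action: str) -> str:
    customer = authenticate(card, pin)
    if customer is None:
        return "denied: authentication failed"
    # A valid identity alone grants nothing; each request is checked.
    if not authorize(customer, account, action):
        return "denied: not authorized"
    return f"ok: {customer} may {action} on {account}"
```

A correctly authenticated customer is still refused on another customer's account, and a joint account can carry different permitted actions for each holder.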

References 

Fruhlinger, J. (2020). The CIA triad: Definition, components and examples. CSO from IDG Communications, Inc. https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html  
