The CIA Triad: Availability vs. Authentication

Posted by kdale002 on

BLUF

The CIA Triad is a set of guidelines that have evolved over time into the standard for policies concerning information security. CIA stands for confidentiality, integrity, and availability. Confidentiality stands for the privacy of the information. Integrity involves how trustworthy the systems are that are in place to protect the information. Availability is how accessible the needed information is for authorized users.

The Triad

The CIA Triad is simply a set of guidelines to have a successful and protected entity, especially one with access to sensitive data. The CIA, also known as the AIC, is not only useful when building a security structure. It is also good to know to improve upon existing systems. It acts as a checklist of sorts to make sure businesses and corporations protect user data.

Authentication vs Availability

The A in the CIA stands for availability, but how about another “A”, authentication? Authentication is the verification of the user and making sure information is coming from a reliable source. In the last letter from the CIA, (A) availability, it is about making sure verified users can access their information. Authentication is all about making sure the person or user is the correct person, especially if they are who they say they are. It goes hand in hand with confidentiality. For example, information needs to be kept protected from unauthorized access. It is very easy to gain unauthorized access to someone else’s information. Therefore, more and more platforms require 2-step authentication when signing in, normally with something digital and physical: the password, a code, and a linked device.

Conclusion

In conclusion, the CIA Triad is a tried and true set of guidelines for the successful security of an entity or corporation. It stands to protect users and their sensitive data from cyberattacks and unauthorized use. It is also used when building new systems to make sure all precautions are taken. Although some argue that the CIA needs to be updated, it has been a solid foundation for the basics of cybersecurity. They are guidelines, not strict rules, they are meant to be enhanced and built upon, but not changed. Authentication being one of the many enhancements made to the system over the years.

References

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Kolbach, A. (2023, July 27). Confidentiality, integrity, availability, authenticity, and non-repudiation. LinkedIn. https://www.linkedin.com/pulse/confidentiality-integrity-availability-authenticity-albert-kolbach/
Neiva, C., Moss, Y., Burnham, K., & Barker, P. (2025, February 21). What is the CIA triad? A principled framework for defining infosec policies. CSO Online. https://www.csoonline.com/article/568917/the-cia-triad-definition-components-and-examples.html

Leave a Reply

Your email address will not be published. Required fields are marked *