Write-Up: CIA Triad

Kwabena Asumadu
28/02/2025
Introduction
The CIA triad, which stands for Confidentiality, Integrity, and Availability, is a
fundamental model used to guide policies and practices in information security within
organizations. This model, also known as the AIC triad to avoid confusion with the
Central Intelligence Agency, consists of three core principles that are critical for data
protection and system security.
Confidentiality
Confidentiality, like privacy, protects sensitive information from unauthorized
access. It entails the deployment of access controls, encryption, and user authentication
mechanisms such as two-factor authentication (2FA), biometric authentication, and
security tokens. To ensure the confidentiality of information, online bank websites, for
example, use account numbers and passwords. Furthermore, training employees to
identify social engineering attacks prevents unauthorized data access.
Integrity
Integrity is the accuracy, consistency, and trustworthiness of information
throughout its entire existence. Data must not be altered in transit and must be protected
from modification by unauthorized entities. In ensuring data integrity, checksums, digital signatures, and
version control systems are important utilities. For instance, user access controls and
file permissions are barriers to unauthorized alteration, and backup systems allow the
restoration of data to its initial form if it is compromised.
Availability
Availability ensures information is always accessible to users with the right
credentials. This means keeping hardware up to date, keeping systems current,
and having sufficient bandwidth to prevent bottlenecks. Redundancy, failover, and
disaster recovery are crucial to preventing downtime. Cloud providers, for example, use
high-availability clusters to give users access to information even during
hardware failure.
Authentication vs. Authorization
Authentication and authorization, although frequently used in tandem, serve
different roles in information security. Authentication is the process of confirming the
identity of a user or system. This can be done through the use of passwords, biometrics,
or two-factor authentication. For example, when you log into your email account with a
password, you are authenticating yourself. Authorization, on the other hand, specifies
what an authenticated user is allowed to do. It sets permissions and access levels.
Continuing the email example, authorization decides what you can read, send, and
delete after logging in.
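The email scenario above as an added Python example (not part of the original write-up): authentication verifies a salted password hash, and authorization then checks the requested mailbox action against that user's permissions. The user names, passwords, permission sets, iteration count and status strings are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str, permissions) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "permissions": frozenset(permissions)}


# Constructed sample accounts for the email example.
USERS = {
    "alice": _make_user("correct horse battery", {"read", "send", "delete"}),
    "bob": _make_user("tr0ub4dor&3", {"read"}),  # read-only mailbox
}
# Dummy record so unknown user names cost the same hashing work as real ones.
_DUMMY = _make_user("placeholder", ())


def authenticate(username: str, password: str) -> bool:
    """Authentication: is the caller really the user they claim to be?"""
    user = USERS.get(username, _DUMMY)
    candidate = _hash_password(password, user["salt"])
    matches = hmac.compare_digest(candidate, user["hash"])  # constant-time
    return matches and username in USERS


def authorize(username: str, action: str) -> bool:
    """Authorization: may this already-authenticated user perform the action?"""
    user = USERS.get(username)
    return user is not None and action in user["permissions"]


def handle_request(username: str, password: str, action: str) -> str:
    if not authenticate(username, password):
        return "401 unauthenticated"  # identity not proven
    if not authorize(username, action):
        return "403 forbidden"  # identity proven, action not permitted
    return f"200 {action} ok"
```

The two failure strings are kept distinct because they have different causes: a failed login is an authentication problem, while a logged-in user attempting a disallowed action is an authorization problem.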
Conclusion
Consider the following: you enter a secure building, presenting your ID at the
entrance to verify who you are; this is called authentication. Once you've cleared that
door, the specific areas you're permitted to visit, whether individual offices or individual
floors, are based on your authorization. Grasping the nuances of the CIA triad and the
difference between authentication and authorization is critical to developing sound
security policies and successfully safeguarding organizational information.