CIA Triad: Key to Cybersecurity
Introduction
One of the main jobs of cybersecurity is to protect data and make it available to the
authorized user(s), and the basic principles of the CIA triad are important to that defense. The
CIA triad represents a number of different ideas that all pertain to the protection of data, from
accessing the data to keeping it unadulterated. The “C” in CIA stands for confidentiality, a
concept that means making sure data is only accessible to the right person. Integrity, noted by the
“I” in CIA, involves keeping stored and protected data from being changed by unauthorized
parties. Availability, or the ability for data to be available to authorized users, is the last part
of the CIA triad and represents the protection of access to data. One of the best ways to establish
the CIA triad in practice is to correctly administer authorization and authentication so that only
those users who are supposed to have access to data have it, while unauthorized users are
prevented from gaining access. Using the CIA triad, along with proper identification of authorized
users, a cybersecurity professional is able to keep your data secure and available for access.
Confidentiality
The first part of any data protection involves keeping the data away from malicious users.
The word confidentiality is used as a measure of a user's authorization to access data. As Wesley
Chai of TechTarget defines it, “Confidentiality means that only authorized
individuals/systems can view sensitive or classified information.” (Chai). It is the key
concept in the defense of data and in the CIA triad. Imagine that confidentiality is the doorman at
a building, letting in only the people who belong inside while rejecting outsiders. In the
example of an apartment building, the doorman defends the confidentiality of the building; he is
essentially the login screen that an authorized user would have no issue logging into. Normally
a computer system also takes measures beyond the username and password to keep
malicious users out. Back at the apartment building, a number of locks on the doors and windows
keep people out; in the computer model the same thing is done with
encryption and firewalls. Confidentiality is the key element of any computer system, and its
proper use runs throughout the other elements of the CIA triad.
Integrity
Integrity represents one of the results of proper confidentiality. The aim of this concept is
to keep information untampered with and unchanged. In the apartment building, while the
doorman is defending the confidentiality of the various units, the purpose of the building itself is
to keep the apartments in a static condition; in this way the building itself is defending
the “integrity” of the various apartments. Integrity comes up in a computer wherever important
information is stored and the alteration of that information would be detrimental to the owner of
that data. Much in the same way that the doorman of the apartment building might check that the
units inside the building are safe, a cybersecurity professional assures the state, or integrity, of
the data that they are protecting.
Availability
With the first two parts of the CIA triad, the goal was the protection of the data; the goal
of availability is that authorized users have access to the data whenever they need it. If a
computer system were set up with the information fully protected, but there was no way to
access the data, then that computer system would not be helping anyone. If the doorman of the
apartment building does not let anyone access their apartments, then the confidentiality and
integrity of the apartments within serve no one, and the lack of availability is detrimental to the
patron. Availability means that the user is able to access their data and, properly applied along
with confidentiality and integrity in the CIA triad, is crucial to any data-driven computer system.
Authorization and Authentication
Authorization and authentication are the methods by which the CIA triad provides confidentiality,
integrity, and availability of data. Together, authorization and authentication are used to identify
a user, identify what that user has access to, and ensure a user ends up in the right part of the
computer system. While they work in tandem, the two concepts are actually different subjects
entirely. Authentication represents the method by which the user is identified: in order to accept
the right password for a system, the user accessing the system needs to be identified.
Authorization, on the other hand, represents the level of access that authentication of the user
allows. Using authentication, the user logs into the system; once they are in the system, the level
of authorization they have determines what, if any, parts of the data or system they can access. In
terms of confidentiality, the user is then allowed access to the information based on their
authentication. The integrity of the system is then protected based on the authorization the user
has, which answers the question of whether the user should be able to alter that information.
Lastly, with the proper application of authorization and authentication, the user is then able to
access the available resources.
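The flow described above, as an added example that is not part of the original essay: a login check (authentication), a role lookup that separates reading from altering (authorization), and a keyed tag that detects changes made outside the authorized path (integrity). The user names, passwords, roles and record are constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: the users, roles and record below are hypothetical.
def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)                      # per-user salt
    return {"salt": salt, "hash": kdf(password, salt), "role": role}

USERS = {"tenant": make_user("tenant-pass", "reader"),
         "manager": make_user("manager-pass", "editor")}
PERMISSIONS = {"reader": {"read"}, "editor": {"read", "write"}}
MAC_KEY = os.urandom(32)                       # key for the integrity tag

def tag(data: str) -> bytes:
    return hmac.new(MAC_KEY, data.encode(), hashlib.sha256).digest()

RECORD = {"data": "unit 4B: lease active"}
RECORD["tag"] = tag(RECORD["data"])

def authenticate(user: str, password: str):
    """Authentication: establish who the user is. Returns a role or None."""
    entry = USERS.get(user)
    if entry and hmac.compare_digest(entry["hash"], kdf(password, entry["salt"])):
        return entry["role"]
    return None

def access(user: str, password: str, action: str, new_data: str = ""):
    role = authenticate(user, password)
    if role is None:
        return "denied: authentication failed"
    # Authorization: what may this identified user do?
    if action not in PERMISSIONS[role]:
        return "denied: not authorized"
    if action == "write":                      # integrity: only editors alter data
        RECORD["data"], RECORD["tag"] = new_data, tag(new_data)
        return "written"
    # Reads verify the tag so changes made outside this path are detected.
    if not hmac.compare_digest(RECORD["tag"], tag(RECORD["data"])):
        return "error: integrity check failed"
    return RECORD["data"]                      # availability for authorized users

if __name__ == "__main__":
    print(access("tenant", "wrong", "read"))
    print(access("tenant", "tenant-pass", "write", "x"))
    print(access("manager", "manager-pass", "write", "unit 4B: lease renewed"))
    print(access("tenant", "tenant-pass", "read"))
```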
Conclusion
The CIA triad, along with authorization and authentication, gives users access to
information, knowledge that the information is retained safely, and access to that
information when they need it. Confidentiality measures the authentication of the user,
granting access based on those credentials. Integrity of the information is protected by
allowing only those with the proper authorization to alter the data or system. With
authentication and authorization properly applied, the user is assured availability of that
information. Authorization represents the level of access a user has, and authentication
represents the information by which the computer system identifies them. Knowledge of the CIA
triad, coupled with the correct use of authorization and authentication, is the cornerstone of
cybersecurity.
References
1. Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples.
TechTarget.com. https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view
2. The CIA Triad in Cryptography. (2021, Nov. 03). Retrieved from
https://www.geeksforgeeks.org/the-cia-triad-in-cryptography/
3. Authentication and Authorization. (n.d.). Retrieved from
https://www.onelogin.com/learn/authentication-vs-authorization#:~:text=Authentication%20and%20authorization%20are%20two,authorization%20determines%20their%20access%20rights.