The CIA triad is an information security model whose name stands for “Confidentiality, integrity and availability.” It is a standard used among several organizations to maintain these three principles.
CIA Triad Broken Down
All three of these aspects are designed to maintain the three most important principles of information security. Confidentiality is the act of keeping data and information private; it is meant to protect sensitive information. Integrity is the act of keeping information accurate and consistent. Availability involves keeping information readily available where and when it is needed.
Examples of the CIA Triad
Two-factor authentication and data encryption are examples of confidentiality. User access control and disclosure policies are examples of integrity. Frequent hardware updates and assessments are examples of availability. These processes are essential to information security and can be carried out through concepts such as “Authentication” and “Authorization”.
Authentication & Authorization
Authentication is “the process of verifying that someone is who they say they are.” Two-factor authentication is an example of this. Authorization is “the process of determining a user’s level of access.” User access control is an example of this (Wesley, 2022). These terms are often used interchangeably, but there is a distinct difference between the two. For example, say you are working in an office building. Your company deals with secure information daily and has a strict entry policy. Jared is a new intern who is permitted to enter the building. You recognize his face, his badge and his social security number. This authenticates him as Jared, because he is who he says he is. However, since Jared is just an intern, he is not authorized to enter the data room or attend confidential meetings. He does not have access to these parts of the company yet.
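The office scenario above, written as an added Python example that is not part of the original article: authentication checks a credential, and authorization is a separate check of what the authenticated user may enter. The PINs, the second user, the role names and the area names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and areas are assumptions for illustration.
ROLE_AREAS = {
    "intern": {"lobby", "office"},
    "analyst": {"lobby", "office", "data_room", "confidential_meeting"},
}


def hash_badge_pin(pin: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored credential is not the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def make_user(role: str, pin: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pin_hash": hash_badge_pin(pin, salt)}


# Constructed users: Jared is the intern from the text, maria is hypothetical.
USERS = {
    "jared": make_user("intern", "4821"),
    "maria": make_user("analyst", "9037"),
}


def authenticate(username: str, pin: str) -> bool:
    """Authentication: is this person who they say they are?"""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = hash_badge_pin(pin, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, user["pin_hash"])


def authorize(username: str, area: str) -> bool:
    """Authorization: may this already-authenticated user enter this area?"""
    role = USERS[username]["role"]
    return area in ROLE_AREAS.get(role, set())


def request_entry(username: str, pin: str, area: str) -> str:
    """Run both checks in order and report which one decided the outcome."""
    if not authenticate(username, pin):
        return "denied: not authenticated"
    if not authorize(username, area):
        return "denied: not authorized"
    return "granted"
```

Jared with the correct PIN is granted the office but refused the data room, which is the "authenticated but not authorized" case from the paragraph.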
Conclusion
In conclusion, this framework is essential to maintaining the three most important factors of information security in an organization. Using authentication and authorization, this information can be further secured. Understanding the difference between the two terms helps to divide and create an effective strategy when it comes to permitting users.
References
OneLogin. “Authentication vs. Authorization”. OneLogin, www.onelogin.com/learn/authentication-vs-authorization.
Chai, Wesley. (2022). “What is the CIA Triad? Definition, Explanation, Examples”. TechTarget.