The CIA triad, also written AIC, stands for Confidentiality, Integrity, and Availability and is the core of information security for organizations. The triad is the backbone of cybersecurity and is essential to organizations in developing security policies and evaluating potential technologies and products (Chai, 2022). The difference between authentication and authorization is that authentication allows access, and authorization determines what the user can do with that access (Onelogin, 2023).
AIC or CIA?
The article "What is the CIA Triad? Definition, Explanation, Examples" (2022) states that C stands for confidentiality: preserving sensitive data by limiting access to those who need to know. A prime example of confidentiality is using a secret password that only authorized individuals know to access information. Integrity protects data while it is transmitted, processed, and stored (Nweke, 2017). A simple way to control who can access a file is to properly configure file/folder permissions. This limits who can edit a file or access a particular shared folder. Availability brings it all together by providing users the means to access data even with all the security measures in place. The concept of availability uses redundant high-availability clusters to give seamless access to authorized users (Chai, 2022).
Authentication vs. Authorization
According to OneLogin, the critical distinction between authentication and authorization is that authentication occurs before authorization. Authentication and authorization are two very different terms, since they are fundamentally two parts of a process that provides users access. Authentication occurs when the individual uses one of three things to access a computer: something they know (passwords), something they have (physical token), or something they are (fingerprint). Authorization is the security process that determines a user's level of access. An excellent example of this would be allowing users to create and edit files but not allowing them to access the command prompt or create other users (Onelogin, 2023).
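The two-step process described above, shown as an added example that is not taken from the cited sources. The user "alice", the role "editor", and the action names are constructed for illustration; the permission set mirrors the create/edit-but-no-command-prompt example in the text.

```python
import hashlib
import hmac
import os

# Constructed policy: an "editor" may create and edit files, nothing else.
ROLE_PERMISSIONS = {"editor": {"file:create", "file:edit"}}

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "role": role}

# Constructed sample account (hypothetical user and password).
USERS = {"alice": make_user("correct horse battery", "editor")}

def authenticate(name: str, password: str):
    """Step 1: verify identity with something the user knows."""
    user = USERS.get(name)
    if user is None:
        _hash(password, b"\x00" * 16)  # keep work similar for unknown names
        return None
    if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return user
    return None

def authorize(user, action: str) -> bool:
    """Step 2: decide what an authenticated user may do; deny by default."""
    if user is None:
        return False
    return action in ROLE_PERMISSIONS.get(user["role"], set())

def request(name: str, password: str, action: str) -> str:
    user = authenticate(name, password)   # always runs first
    if user is None:
        return "401 not authenticated"
    if not authorize(user, action):       # only reached with a verified identity
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    for action in ("file:edit", "shell:open", "user:create"):
        print(action, "->", request("alice", "correct horse battery", action))
    print("bad password ->", request("alice", "guess", "file:edit"))
```

A failed login never reaches the permission check, and a successful login still cannot perform an action that the role does not list.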
Conclusion
The CIA triad provides an essential set of goals that organizations use to establish their cybersecurity policies and to implement new software/hardware that meets the demands of an ever-changing market. Authentication grants access, while authorization enables the user to control access. While both differ, they rely on the user to verify their identity.
References
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. Retrieved from TechTarget.com: www.techtarget.com
Nweke, L. O. (2017). Using the CIA and AAA Models to Explain Cybersecurity Activities. PM World Journal, 3.
Onelogin. (2023). Authentication vs. Authorization. Retrieved from www.onelogin.com: https://www.onelogin.com/learn/authentication-vsauthorization#:~:text=Authentication%20verifies%20the%20identity%20of,the%20security%20of%20a%20system.