The CIA Triad stands for confidentiality, integrity, and availability, the core principles
that organizations use as a standard for information security. By implementing these
principles, companies can secure their information.
Confidentiality
The role of confidentiality is to protect the sensitive and private information that a
company handles. It ensures that only the people involved in handling that specific
information can access it. An example of confidentiality is confirming your date of birth at a
doctor’s office or giving the last 4 digits of your Social Security number.
Another example is two-factor authentication, as integrated by ODU with DUO Mobile
(Chai, 2022).
Integrity
Integrity in information security means being able to trust information and to be notified
of any alteration to it. Companies use version control and file permissions to document
data changes, to ensure that information is recorded correctly (Hashemi-Pour, 2023), and to make
sure that only trusted, authorized people can change information. Examples of this include digital
signatures and file history logs, which display the previous versions (Chai, 2022).
Availability
The purpose of availability is to keep information accessible and to keep systems
functioning properly so that the business can operate. In practice, this means that
disaster recovery and safeguards are integrated into systems, should something happen to the
connection to the information (Chai, 2022). This allows operations to continue smoothly and with
minimal long-term loss of connection or data.
Authentication vs. Authorization
The difference between authentication and authorization is that authentication confirms
identity, and authorization grants permission. Authorization requires authentication.
Authentication can be defined as verifying who you are. An example of this is answering the
preset question from your bank. Authorization is the permission one has to
“access system resources” (Kosinski, 2024). An example of this is teachers being able to change dates in their class Canvas or put tests behind password walls.
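The two steps above can be shown in code. This is an added example, not part of the original essay: the usernames, passwords, roles and action names are constructed for illustration, and the 401/403 strings only mirror the usual HTTP convention for "not authenticated" versus "not authorized".

```python
import hashlib
import hmac
import os

# Constructed sample data: role names and actions are illustrative only.
ROLE_PERMISSIONS = {
    "teacher": {"view_course", "change_due_date", "set_test_password"},
    "student": {"view_course"},
}

def hash_password(password, salt):
    # Store a salted, slow hash, never the password itself (confidentiality).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role, password):
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt)}

# Constructed accounts for the demonstration.
USERS = {
    "t.rivera": make_user("teacher", "sample-teacher-passphrase"),
    "s.lee": make_user("student", "sample-student-passphrase"),
}

def authenticate(username, password):
    """Authentication: confirm who the caller is. Returns the identity or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(identity, action):
    """Authorization: decide what a confirmed identity is allowed to do."""
    if identity is None:
        return False  # authorization requires authentication
    role = USERS[identity]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def handle_request(username, password, action):
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"
```

A student with the correct password is authenticated but still refused when trying to change a due date, which is the distinction the section describes.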
Conclusion
By integrating the CIA Triad, companies will inherently have better security practices
along with a more secure information security routine. It is important in this field to always
have updated responses with checks and balances, which are integrated through the CIA
principles and an understanding of the roles of authentication and authorization.
References
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition
from TechTarget. WhatIs.
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Chai, W. (2022, June 28). What is the CIA triad?
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Kosinski, M. (2025, April 15). Authentication vs. authorization: What’s the difference?
IBM. https://www.ibm.com/think/topics/authentication-vs-authorization