CIA Triad

What is the CIA Triad

The CIA Triad could be referred to as the backbone of the information technology world. It holds all the important policies and guidelines that must be followed within the cyber security or information technology world. The acronym stands for Confidentiality, Integrity and Availability. These are the 3 main points currently in the Triad; however, according to Wesley Chai (2022), more specifics could be added in the near future for stronger security.


CIA or AIC

The acronym can also be seen reversed, as AIC, to avoid confusion with the United States CIA. Starting with confidentiality, this is simply the protection of important information that should not be for the public eye. It is the practice of ensuring that sensitive information is only in the hands of those it belongs to. Integrity in this context can be described as the trust that this sensitive data cannot be tampered with during any transaction or while passing through the chain of command. Any sign of documents or data being changed without authorization could be a sign of a cyberattack. Lastly, availability simply means that this sensitive information can always be accessed by those who have the authority to do so.

Usage

First, to keep this sensitive information confidential, there have to be guidelines or procedures put in place. To be sure that this information is not reaching unauthorized hands, there must be a protocol or additional steps involved in reaching this data. These processes are known as authentication, or sometimes you may hear 2 factor authentication. A couple of examples would be requiring a password and a fingerprint to open software, or face ID could be utilized. Another example would be location verification, meaning information can only be opened or accessed while at a given location or headquarters. Integrity can be protected by having passwords to open different folders. In my workplace currently, the medical field, many times an employee is required to type in personal passwords whenever they discontinue or start medications for patients, of course preventing those who are not authorized from doing this. Availability may be the most difficult of the 3 in the Triad to accommodate. According to Josue Ledesma (June 2023), location availability is not very successful with a large company with many remote employees all over the world. At this point, 2 factor authentication may be the best option.

Authentication vs Authorization within CIA Triad

The difference between authentication and authorization may be confusing for some. When talking about the Triad, authorization is the question of whether you are allowed to access sensitive materials or data for this organization. In other words, should you be viewing or interacting with this material? This is where confidentiality comes into play. For example, those who work in shipyards or the military are authorized to access the information pertaining to their job duties. Authorization grants someone permission to access. Authentication is the process by which someone is able to access the information, whether it is a simple password, face ID or security questions; this process is how someone obtains these sensitive documents or personal information, whichever the case may be.
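The distinction above as an added example (not part of the original post): authentication verifies a password plus a time-based one-time code as the second factor, while authorization is a separate role lookup. The user records, role names and permission names are constructed for illustration.

```python
import hashlib, hmac, os, struct

# Constructed sample policy: role and permission names are hypothetical.
ROLE_PERMISSIONS = {"nurse": {"view_chart", "change_medication"},
                    "clerk": {"view_chart"}}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored values are not directly reusable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1 truncation from RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def make_user(name: str, password: str, role: str) -> dict:
    salt, secret = os.urandom(16), os.urandom(20)
    return {"name": name, "salt": salt, "role": role,
            "pw_hash": hash_password(password, salt), "totp_secret": secret}

def authenticate(user: dict, password: str, code: str, now: int) -> bool:
    """Who are you? Both factors must match; comparisons are constant-time."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    code_ok = hmac.compare_digest(totp(user["totp_secret"], now).encode(),
                                  code.encode())
    return pw_ok and code_ok

def authorize(user: dict, permission: str) -> bool:
    """Are you allowed? Decided by role, independent of how the user logged in."""
    return permission in ROLE_PERMISSIONS.get(user["role"], set())

def access(user: dict, password: str, code: str, permission: str, now: int) -> str:
    if not authenticate(user, password, code, now):
        return "denied: authentication failed"
    if not authorize(user, permission):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the demo is repeatable
    clerk = make_user("bob", "s3cret-pass", "clerk")
    code = totp(clerk["totp_secret"], now)
    print(access(clerk, "s3cret-pass", code, "view_chart", now))
    print(access(clerk, "s3cret-pass", code, "change_medication", now))
```

The clerk proves their identity in both calls, yet only the chart view is granted: passing authentication does not imply authorization.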

Conclusion

The CIA Triad is very important to the information technology world as it holds the foundation for how sensitive information should be protected. Each branch has its own role in the success of organizations' protection against cyber attacks. Authentication and authorization both have a major role in this, but they are two different guidelines to ensure success in the Confidentiality, Integrity and Availability of the information. Knowing the difference between the two of them is essential in the process. This allows only those who are authorized to obtain or access such data to do so, and those who are authorized are able to authenticate or identify themselves before successfully gaining access to sensitive software and files.

