The CIA TRIAD

Posted by ktrin002 on



The CIA Triad is a model meant to guide policies for information security in an organization. Its
services provide the curriculum for successfully commanding how an organization protects data
and assesses how the data is stored. CIA stands for Confidentiality, integrity, and availability.
Each of the triad’s attributes stands for a crucial element of information security. However, it is
also referred to as the availability, integrity, and confidentiality (AIC) Triad so it doesn’t become
commonly confused with the Central Intelligence Agency (CIA). Confidentiality says that without
permission, no one should view or read data. It also ensures that only people permitted to
access the data can do so. Integrity says that no data should ever be altered or corrupted. Data
is presumed to remain in its intended state and can only be modified by parties with the
appropriate authority. Availability says that data must be available upon proper request. It
guarantees that when needed, authorized parties can access data without restriction.
Authentication and authorization are both necessary information security processes that are
used as protection for systems and information. Individually they both have specific tasks, but
they work together to create a strong security process that protects thousands of systems
worldwide. Authentication is a process of verifying the validity of information trying to pass
through a system, and authorization is giving consent, or access, for something to be passed
through the system. An example of the two would be a student attempting to log into their ODU
portal. First, the system needs to go through authentication to ensure the student is enrolled at
the given university. They get this authentication from the student signing in with their MIDAS
username and password. After that, the student needs DUO, the mobile app, to allow them to
fully sign in. Once the student opens their phone and either types in their number code or allows
the ‘push’, the student is then given authorization to fully access their account. Authentication
and authorization go hand and hand with one another, and they continuously protect information
and security throughout cybersecurity.
https://www.cisecurity.org/insights/spotlight/ei-isac-cybersecurity-spotlight-cia-triad

Leave a Reply

Your email address will not be published. Required fields are marked *