The CIA Triad

BLUF
Much to my initial surprise, the CIA Triad has nothing to do with the Central Intelligence Agency; CIA here stands for the concepts of confidentiality, integrity, and availability. It is a model that provides guidelines for information security policies, with these three foundational concepts laying its groundwork. Although its main components are seen as essential to the demands of the field of cybersecurity, many experts in the field have come to share the opinion that the model is in dire need of a proper upgrade in order to maintain its potency.


What makes up the CIA Triad?
The three foundational concepts that make up the basis of the CIA Triad are confidentiality, integrity, and availability. Confidentiality can be seen as a parallel to privacy, as it encompasses the procedures that are meant to safeguard valuable and sensitive information from falling into the wrong hands. Integrity revolves around the idea of keeping data unchanged and consistent over the course of its lifespan. Availability can be summarized as the overall ease of access for individuals with proper access to information, together with the correct maintenance of the data systems that house the information (1).


Differences between Authentication and Authorization
Besides its three key concepts, the CIA Triad is also known to work hand-in-hand with both authentication and authorization. Both concepts deal with data, but in different manners. Authentication is the process that individuals are required to undergo in order to gain verified access to the data that is housed within the information system. Authorization, on the other hand, is the concept of what powers and privileges are granted to the individual once they have been verified as an authenticated user, and what levels of data they are able to access using their particular authenticated identity (2).
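The distinction above, as an added example that is not part of the original post: `authenticate` verifies identity and `authorize` decides what that verified identity may access. The usernames, passwords, roles and permission strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles, users and passwords are illustrative only.
ROLE_PERMISSIONS = {
    "clerk": {"read:public"},
    "auditor": {"read:public", "read:payroll"},
}
_DUMMY_SALT = os.urandom(16)  # used so unknown users cost the same to check


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


USERS = {
    "alice": _make_user("correct horse battery", "auditor"),
    "bob": _make_user("tr0ub4dor&3", "clerk"),
}


def authenticate(username: str, password: str) -> bool:
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username)
    salt = user["salt"] if user else _DUMMY_SALT
    candidate = _hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return user is not None and hmac.compare_digest(candidate, user["hash"])


def authorize(username: str, permission: str) -> bool:
    """Authorization: what may this verified identity access?"""
    role = USERS[username]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())


def access(username: str, password: str, permission: str) -> str:
    # Authorization is only evaluated after authentication succeeds.
    if not authenticate(username, password):
        return "denied: not authenticated"
    if not authorize(username, permission):
        return "denied: not authorized"
    return "granted"
```

Here `bob` can prove who he is and still be refused payroll data, which is the gap between the two concepts.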


Example of the CIA Triad
An example of the CIA Triad in action, in this instance the confidentiality concept, would be the use of data encryption to keep information more secure in the case of data breaches (1). Encryption is the practice of converting data into a coded form that can only be decrypted through the use of one or multiple encryption keys, which only authorized users would have access to. This ensures that even if the data were to be stolen through unauthorized access, it would still be generally unreadable by the hackers and would therefore remain secure until the hackers can be caught and the data can be retrieved.


What are its issues and areas for improvement?
As alluded to in my BLUF, the CIA Triad is not without its flaws as a cybersecurity model. In the modern age, where the Internet of Things has taken over people’s daily lives, the sheer number of different devices and the data housed within them has opened up problems for the CIA Triad. The stark increase in private, internet-connected devices that are not computers, such as phones or tablets, has led to increased vulnerabilities and security concerns, opening up new avenues that the CIA Triad must be molded and changed to properly account for (1).


Conclusion
In conclusion, the CIA Triad is still very much practical and can be the main model to follow for any upstart company that is looking to establish its information security policies. The three key concepts are still very applicable and will produce a well-kept and safeguarded information system to start with, and with the changes regarding the Internet of Things and a broader scope of security coverage for new and private devices, there are no glaring problems with the CIA Triad that can be exploited.


References

Chai, W. (2022, June 28). What is the CIA triad? definition, explanation, examples – techtarget. WhatIs.com. Retrieved February 5, 2023, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on (1)
rmoss006, P. by. (2022, April 19). Ryan Moss. Retrieved February 5, 2023, from https://sites.wp.odu.edu/ryanmoss/2022/04/19/the-cia-triad-authentication-and-authorization/#:~:text=The%20CIA%20triad%20also%20directly,2015). (2)
