I have conducted research from multiple articles to be able to best explain the following topics:
“What does the CIA Triad stand for?” “What is the CIA Triad?” and “Authentication vs
Authorization”.
What does the CIA Triad stand for?
The CIA triad stands for confidentiality, integrity, and availability. To avoid confusion with the
Central Intelligence Agency it is sometimes also known as the AIC triad (availability, integrity, and
confidentiality). Below is a breakdown of the three key concepts that form the CIA triad:
Confidentiality –
The efforts of an organization to ensure data is kept secure and private from unauthorized
access. Data is commonly categorized depending on the amount and type of damage that
could be done if it were compromised, and data security measures of matching stringency
are implemented for each category. There are several ways confidentiality can be
compromised, including direct attacks by an attacker who is attempting to view, take, or alter
data within the database.
Integrity –
Making sure that data is trustworthy and safe from tampering. The integrity of data is maintained
only if the data is consistent, accurate, and trustworthy. A system with integrity keeps data safe
from unnecessary changes, whether they are accidental or malicious. Steps must be taken to ensure
that data is not changed in transit and that it cannot be altered by unauthorized people.
Availability –
Information must be consistently and readily available to authorized users. Even if data is kept
confidential and its integrity is maintained, it would be useless if it were not available to those
within the organization. This involves making sure that the hardware, technical infrastructure, and
systems are properly maintained to hold and display the information.
What is the CIA Triad?
The CIA triad is a model that guides information security policies within an organization. The
CIA triad is crucial to the operation of an organization. It provides a high-level framework for
cybersecurity professionals to consider when performing tasks for organizations, such as
auditing, implementing, and improving systems, tools, and programs. When all three standards
are met, the security profile of the organization is stronger and better equipped to handle threats
like data breaches.
Authentication vs Authorization
Authentication and authorization are two key information security processes that
administrators use to protect systems and information.
Authentication is the process of verifying a user's identity, to ensure they are who they say they are.
There are many forms of authentication. Some examples are passwords and
security questions, which rely on something you know, because only you would know your password
or the answer to your security question. Another
common type of authentication uses something you have, for example getting a one-time PIN
(OTP) via SMS, email, or an app. It verifies your identity because the code is sent to your device.
Authorization is a security process that determines the level of access a user or service is
granted. We use authorization to give users or services permission to access some of the data or
perform a particular action. In a secure environment, authorization always follows
authentication. Users must first confirm their identities before the organization’s administrators
grant them access to the requested resources.
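The order described above (authenticate first, then authorize) can be shown in a short Python sketch. This is an added example, not taken from the referenced articles; the user names, passwords, roles, permission strings and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and the permissions each role grants (assumed names).
ROLE_PERMISSIONS = {
    "analyst": {"report:read"},
    "admin": {"report:read", "report:delete"},
}

def _hash_password(password, salt):
    # PBKDF2-HMAC-SHA256, so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed sample users (illustrative credentials only).
USERS = {
    "alice": _make_user("correct horse battery", "analyst"),
    "bob": _make_user("s3cure-admin-pass", "admin"),
}

def authenticate(username, password):
    """Step 1: prove identity. Returns the user name on success, else None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, permission):
    """Step 2: decide what an already authenticated identity may do."""
    if identity is None:  # no verified identity, so there is nothing to authorize
        return False
    role = USERS[identity]["role"]
    return permission in ROLE_PERMISSIONS.get(role, set())

def handle_request(username, password, permission):
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, permission):
        return "403 not authorized"
    return "200 ok"
```

A valid login with insufficient permission yields the 403 result, while a failed login never reaches the authorization check at all.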
Conclusion
In conclusion, the CIA triad, authentication, and authorization all play crucial roles in keeping data
safe and secure against growing cyberthreats. The CIA triad is vital to information security since it
enhances security procedures and helps organizations. Authentication and authorization are also
vital to maintaining secure databases. When you first authenticate a user before granting
authorization, you will guarantee they are authorized to access the data and not someone with
malicious intent.
References
What is the CIA triad (confidentiality, integrity and availability) –
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Authentication vs Authorization –
https://www.fortinet.com/de/resources/cyberglossary/authentication-vs-authorization#:~:text=Authentication%20is%20a%20process%20to,access%20based%20on%20that%20level