{"id":291,"date":"2026-02-22T18:54:58","date_gmt":"2026-02-22T18:54:58","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/leilaniw\/?p=291"},"modified":"2026-02-22T18:54:58","modified_gmt":"2026-02-22T18:54:58","slug":"the-cia-triad-and-the-role-of-authentication-and-authorization-in-information-security","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/leilaniw\/2026\/02\/22\/the-cia-triad-and-the-role-of-authentication-and-authorization-in-information-security\/","title":{"rendered":"The CIA Triad and the Role of Authentication and Authorization in Information Security"},"content":{"rendered":"\n<p><strong>BLUF:<\/strong>&nbsp;The CIA triad is a foundational security model that balances Confidentiality (privacy), Integrity (data accuracy), and Availability (reliable access) to protect organizational data. Effective implementation of this model relies on the distinction between Authentication, which verifies a user\u2019s identity, and Authorization, which defines their specific permissions.<\/p>\n\n\n\n<p><strong>Confidentiality: Protecting Sensitive Information from Unauthorized Access<\/strong><\/p>\n\n\n\n<p>The CIA triad is a framework for creating organizational information security policies. It has three principles:&nbsp;Confidentiality (privacy), Integrity (data accuracy), and Availability (reliable access). Confidentiality restricts access to information to authorized users only, acting as a safeguard of privacy. In most cases, organizations protect confidentiality by classifying data according to the impact a leak would have and implementing controls such as encryption, two-factor authentication (2FA) or biometric authentication.<\/p>\n\n\n\n<p><strong>Integrity: Ensuring Data Accuracy and Trustworthiness<\/strong><\/p>\n\n\n\n<p>For data to be trustworthy (and hence reliable) over its entire life cycle, integrity guarantees that the data held in the system is never degraded. 
This principle means that any information held in a system isn&#8217;t changed in transit and is safe from modification through improper access. File permissions, user access controls, and digital signatures are common tools for integrity. Moreover, checksums and backups are used to detect data corruption and restore error-free information following a crash.<\/p>\n\n\n\n<p><strong>Availability: Ensuring Reliable and Timely Access to Information<\/strong><\/p>\n\n\n\n<p>Availability ensures that the relevant people obtain information consistently and on time. This is achieved by maintaining hardware health, applying fixes as problems arise and removing software conflicts from the operating environment. Organizations maintain redundancy, failover systems, and a strong disaster recovery plan so that the system avoids downtime from a hardware failure or a malicious attack such as a Denial-of-Service (DoS) attack.<\/p>\n\n\n\n<p><strong>Authentication: Verifying User Identity<\/strong><\/p>\n\n\n\n<p>The CIA triad lays the foundation, but implementing these aims depends on the difference between authentication and authorization. Authentication is the first step, checking someone\u2019s identity; it is basically the question of who the person is: &#8220;Who are you?&#8221; This can be done using passwords, security tokens or fingerprints.<\/p>\n\n\n\n<p><strong>Authorization: Defining User Permissions and Access Levels<\/strong><\/p>\n\n\n\n<p>Once identity has been verified, authorization defines the specific permissions and access a user has &#8211; the question, &#8220;What are you able to do?&#8221; 
Users who are not authenticated cannot access data at all, and those who are authenticated are not able to interact with anything that does not play a part in their role.<\/p>\n\n\n\n<p><strong>Real-World Example: Authentication and Authorization in Online Banking<\/strong><\/p>\n\n\n\n<p>Online banking illustrates the relationship between authentication and authorization. When a user enters their account number and password, they are undergoing authentication as the account owner. Once the system has verified their identity, it authorizes them to see their balance and transfer funds from their own accounts. The same client is not authorized by the system to view the bank\u2019s internal server logs or to get inside the private accounts of other customers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BLUF:&nbsp;The CIA triad is a foundational security model that balances Confidentiality (privacy), Integrity (data accuracy), and Availability (reliable access) to protect organizational data. Effective implementation of this model relies on the distinction between Authentication, which verifies a user\u2019s identity, and Authorization, which defines their specific permissions.&nbsp; Confidentiality: Protecting Sensitive Information from Unauthorized Access The CIA&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/leilaniw\/2026\/02\/22\/the-cia-triad-and-the-role-of-authentication-and-authorization-in-information-security\/\">Read More<\/a><\/div>\n","protected":false},"author":32190,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/posts\/291"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/users\/32190"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/comments?post=291"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/posts\/291\/revisions"}],"predecessor-version":[{"id":292,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/posts\/291\/revisions\/292"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/media?parent=291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/categories?post=291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/leilaniw\/wp-json\/wp\/v2\/tags?post=291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}