Confidentiality
Confidentiality is what the first letter in the CIA triad stands for. Its goal is to prevent potentially compromising information from being seen by unauthorized parties. The greater the damage that could be done if the information were discovered, the more security it is given. Staff training and data encryption are good ways to mitigate a breach of confidentiality (Hashemi-Pour & Chai, 2023).
Integrity
Integrity is important because keeping data as consistent and accurate as possible earns trust. Ensuring that unauthorized people are unable to change the data in the event of a breach is essential to maintaining trust and integrity (Hashemi-Pour & Chai, 2023). Non-repudiation methods such as capturing digital signatures ensure that actions taken within the network maintain their integrity.
Availability
Availability is the assurance that data will be available to any authorized party that asks for it at any given time. Frequent maintenance of the systems’ hardware and infrastructure ensures this (Hashemi-Pour & Chai, 2023). Keeping a backup of the data somewhere safe, such as a locked physical location or behind a firewall, also plays an important role in maintaining availability.
Authentication vs Authorization
Within the CIA triad, authorization and authentication are mentioned as ways to safeguard data systems. They go about this differently, though, and the distinction between them is crucial to understand. Where authentication asks “Who are you?”, authorization asks “What permissions do you have?”. The former is “the method of verifying the identity of a consumer or system to ensure they’re who they claim to be”, while the latter is “the method of figuring out and granting permissions to a demonstrated user or system, specifying what assets they can access and what actions they’re allowed to carry out” (GeeksforGeeks, 2024).
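The two questions above can be seen as separate checks in code. The following is an added example, not part of the original essay or its sources; the user names, passwords, roles, status strings and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo

def hash_password(password, salt):
    # Slow, salted hash so stored credentials are not reversible at scale.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts and role-to-permission mapping.
USERS = {
    "alice": make_user("correct horse", "admin"),
    "bob": make_user("battery staple", "reader"),
}
ROLE_PERMISSIONS = {"admin": {"read", "write"}, "reader": {"read"}}
_DUMMY = make_user("unused", "reader")  # hashed against when the user is unknown

def authenticate(username, password):
    """Authentication: 'Who are you?' Returns the verified name or None."""
    # Unknown users still cost one hash, so timing does not reveal who exists.
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant time
    return username if matches and username in USERS else None

def authorize(identity, action):
    """Authorization: 'What permissions do you have?' Denies by default."""
    if identity is None:
        return False
    role = USERS[identity]["role"]
    return action in ROLE_PERMISSIONS.get(role, set())

def handle_request(username, password, action):
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"  # identity not proven
    if not authorize(identity, action):
        return "403 forbidden"        # identity proven, permission missing
    return "200 ok"
```

A valid login for `bob` still returns "403 forbidden" for a write, which is the case that shows authentication alone does not grant access.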
Conclusion
The CIA triad is essential for maintaining the confidentiality, integrity, and availability of data in cyberspace. Confidentiality prevents the unauthorized access of sensitive information, integrity ensures data is not changed in transit or at any other point in time, and availability strives to guarantee data is accessible whenever it is needed, while also providing backups in case said data is compromised. Without this triad, we would lack such a comprehensive framework for safeguarding systems and data.
Citations
GeeksforGeeks. (2024, July 24). Difference between authentication and authorization.
https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from TechTarget. WhatIs?
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA