The CIA Triad

The CIA Triad is a key principle of information security. CIA stands for Confidentiality, Integrity, and Availability. The Triad is referenced when creating security policies.


Confidentiality

Confidentiality ensures that information is only accessible to authorized individuals or parties. Depending on its value and importance, organizations can categorize information and plan their security policy accordingly (Hashemi-Pour & Chai, 2023). Information of high importance can consist of private data, which is protected by U.S. compliance laws (Kim & Solomon, n.d.). A policy that does not emphasize confidentiality could lead to the theft and misuse of personal data and intellectual property. If a person attempts to view the medical records of another and is denied access by the hospital, confidentiality is maintained.


Integrity

The prevention of data corruption or alteration falls under the integrity part of the CIA Triad. Data, such as an intellectual property asset, can have its value diminished if it has been tampered with (Kim & Solomon, n.d.). For organizations that rely on their data to conduct business, the lack of integrity is a serious threat (Kim & Solomon, n.d.). Therefore, security policies must have strong preventive measures to protect data from unauthorized changes. Integrity can be compromised due to the lack of confidentiality (Hashemi-Pour & Chai, 2023). When a system prevents the modification of a file, the data inside possesses integrity.


Availability

The ability to access information/data is called availability. The loss of availability can be caused by hardware/software errors, disasters, or malicious actions. Like the principle of integrity, availability can be negatively impacted by the breach of confidentiality. Organizations should have disaster recovery plans and backups. These precautions decrease downtime, allowing data availability even during adverse events (Kim & Solomon, n.d.).


Authentication vs. Authorization

Although these two terms seem similar, there are key differences. Authentication refers to the process of identification (Microsoft, n.d.). Before anything confidential is accessed, the person requesting the data must be verified. An example of authentication is when you are asked for ID before being allowed to view your private records. Authorization is permitting a person/party to view or alter data. For example, a document creator gives an editor permission to add text to a file.
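As an added illustration (not part of the original post or its cited sources), the following Python sketch keeps the two checks separate: authenticate verifies a claimed identity against a stored password hash, while authorize consults a per-document access list that the document's creator can extend, matching the editor example above. The user names, passwords and document name are constructed placeholders.

```python
import hashlib
import hmac
import os

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (placeholder names and passwords): each user has a
# salted PBKDF2 hash, so the plain password is never stored.
_SALTS = {"alice": os.urandom(16), "bob": os.urandom(16)}
USERS = {name: (_SALTS[name], _hash_password(pw, _SALTS[name]))
         for name, pw in [("alice", "alice-pw"), ("bob", "bob-pw")]}

# One document's access-control list: the creator (owner) decides who may edit.
DOCUMENTS = {"report.txt": {"owner": "alice", "editors": set(), "viewers": {"bob"}}}

def authenticate(username: str, password: str) -> bool:
    """Authentication: verify the caller's identity from the credential."""
    if username not in USERS:
        _hash_password(password, b"\x00" * 16)  # same cost whether or not the user exists
        return False
    salt, stored = USERS[username]
    return hmac.compare_digest(_hash_password(password, salt), stored)

def authorize(username: str, doc: str, action: str) -> bool:
    """Authorization: decide what an already-identified user may do."""
    acl = DOCUMENTS.get(doc)
    if acl is None:
        return False
    if username == acl["owner"]:
        return True
    if action == "view":
        return username in acl["viewers"] or username in acl["editors"]
    return action == "edit" and username in acl["editors"]

def grant_edit(owner: str, doc: str, editor: str) -> bool:
    """The document creator gives another user permission to add text."""
    acl = DOCUMENTS.get(doc)
    if acl is None or acl["owner"] != owner or editor not in USERS:
        return False
    acl["editors"].add(editor)
    return True

def request(username: str, password: str, doc: str, action: str) -> str:
    """Authentication first, then authorization; the two failures are distinct."""
    if not authenticate(username, password):
        return "unauthenticated"
    if not authorize(username, doc, action):
        return "forbidden"
    return "allowed"
```

A wrong password fails at the first step, while a valid user asking for an action they were never granted fails at the second; keeping the two outcomes distinct makes access logs far easier to read.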


Conclusion

The CIA Triad is made up of Confidentiality, Integrity, and Availability. Confidentiality prevents unauthorized parties from accessing information. Integrity concerns the accuracy of data. Availability is the ability to access information without issue. While authentication is the process of identifying authorized personnel, authorization is the permission given to said personnel.


References

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Kim, D., & Solomon, M. G. (n.d.). Fundamentals of Information Systems Security, Fourth Edition. Retrieved from https://platform.virdocs.com/read/2012027/13/#/4/2/20/6[c1-fig0008]
Microsoft. (n.d.). Authentication vs. Authorization – Microsoft Identity Platform. Microsoft identity platform | Microsoft Learn. https://learn.microsoft.com/en-us/entra/identity-platform/authentication-vs-authorization
