Liana Jones
February 15, 2026
CYSE-200T
Professor Duvell
Breaking Down the CIA Triad and Access Control Basics
BLUF: Information security is based on the CIA Triad model, which stands for
Confidentiality, Integrity, and Availability. It describes how information systems should
handle data. Authentication and authorization support this model by validating identity
and granting permissions based on credentials. Authentication validates the identity of a
user, while authorization validates what that user can do.
Confidentiality:
The CIA Triad represents the foundational information security model. It describes how
to handle data securely in an information system. Confidentiality ensures that
information is kept private and not disclosed to unauthorized users. Companies use
various methods to maintain the confidentiality of their private data. These methods
include encryption, passwords, and various access control methods. When you log in to
a secured website, your information is encrypted so others cannot see it. TechTarget
states, “Confidentiality ensures that data cannot be accessed by unauthorized people,
and it protects data from unauthorized disclosure” (Chai, 2023).
Integrity:
Integrity is the assurance that information will not be modified without authorization.
When data is changed without approval, integrity has been breached. Hashing and
digital signatures can alert users to these modifications. The National Institute of
Standards and Technology defines integrity as “the property of being protected against
unauthorized alteration or destruction” (NIST, n.d.).
Availability:
Availability makes sure systems and data are there when you need them. Secure data
isn’t very useful if no one can access it. Accurate data that is locked away doesn’t do
anyone any good either. We want authorized users to have access to the information
they need. To ensure availability, organizations will back up data and perform routine
system maintenance. Cyber criminals can also launch attacks that cause downtime.
According to NIST (n.d.), availability assures that “information is available to those who
need it when they need it.”
Authentication vs Authorization:
Authentication and authorization sound similar, and they are related, but they are not
the same thing. Authentication is the act of confirming a user’s identity. It answers the
question, “Who are you?” When a student logs into their school portal, they will enter a
username and password. The system will check to make sure that the information is
correct. If so, the student is authenticated.
Authorization takes place after authentication occurs. It allows you to do things based
on who you are. It answers the question of “What are you allowed to access?” A student
may only be allowed to see grades. A professor may be allowed to put in grades. Both
users may log in, but they have different authorizations. Authentication confirms who you
are, and authorization grants you permissions.
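The student and professor portal described above can be sketched in code. This is an added example, not part of the original essay; the usernames, passwords, permission names, and status strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles mirror the essay's student/professor portal.
ROLE_PERMISSIONS = {
    "student": {"view_grades"},
    "professor": {"view_grades", "enter_grades"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so no plaintext password is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt)}

USERS = {
    "student1": make_user("student", "constructed-student-pass"),
    "prof1": make_user("professor", "constructed-prof-pass"),
}

def authenticate(username: str, password: str):
    """Authentication: 'Who are you?' Returns the username, or None."""
    user = USERS.get(username)
    # Hash even for unknown users so timing does not reveal valid usernames.
    salt = user["salt"] if user else b"\0" * 16
    candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    if user and hmac.compare_digest(candidate, user["pw_hash"]):
        return username
    return None

def authorize(username, action: str) -> bool:
    """Authorization: 'What are you allowed to access?' Deny by default."""
    if username is None or username not in USERS:
        return False
    return action in ROLE_PERMISSIONS.get(USERS[username]["role"], set())

def portal_request(username: str, password: str, action: str) -> str:
    """Run both checks in order: identity first, then permission."""
    who = authenticate(username, password)
    if who is None:
        return "401 not authenticated"
    if not authorize(who, action):
        return "403 not authorized"
    return "200 ok"
```

A student with the correct password is authenticated but still receives "403 not authorized" when trying to enter grades, which is the difference between the two checks.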
Conclusion:
CIA stands for the information security principles of Confidentiality, Integrity, and Availability.
Confidentiality relates to privacy, integrity relates to accuracy, and availability relates to
accessibility of resources. Authentication and authorization always go together.
Authentication is about verifying the identity of the user. Authorization allows people to
perform actions. These are common terms that you should know in cybersecurity.
References:
Chai, W. (2023). What is the CIA triad (confidentiality, integrity and availability)?
TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
National Institute of Standards and Technology. (n.d.). Glossary: Confidentiality,
integrity, and availability. https://csrc.nist.gov/glossary