{"id":325,"date":"2023-11-25T21:25:44","date_gmt":"2023-11-25T21:25:44","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/lxxle002\/?p=325"},"modified":"2023-11-25T21:27:14","modified_gmt":"2023-11-25T21:27:14","slug":"breaking-down-the-cia-triad-and-differences-between-authentication-authorization","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/lxxle002\/2023\/11\/25\/breaking-down-the-cia-triad-and-differences-between-authentication-authorization\/","title":{"rendered":"Breaking Down The CIA Triad And Differences Between Authentication &amp; Authorization"},"content":{"rendered":"\n<p>          According to Chai (2022), \u201cConfidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people\u201d (p.1). The CIA Triad is the foundation for what constitutes good cybersecurity. Having confidentiality, integrity and availability means our data and information have excellent security. \u201cIf our security system loses either confidentiality, integrity or availability, that becomes a vulnerability and an attacker can exploit it\u201d (Dion, n.d.).&nbsp;<\/p>\n\n\n\n<p>          Further elaborating on Chai\u2019s definition of the CIA triad, confidentiality is just making sure that information has not been disclosed to unauthorized people. Say for example that I had a daily diary. Some of my best-kept secrets that I don\u2019t want people to see are in that book. How I would protect that book would be to buy a journal with a lock on it. Then if I leave the journal under my bed, I would know that even if my wife comes into the room and finds the book, she would not be able to open it without a key. 
In cybersecurity you have the ability to lock server rooms that you don\u2019t want people poking around in. We can also lock the data itself with encryption. According to Chai (2022), \u201cData encryption is another common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication (2FA) is becoming the norm\u201d (p.3).<\/p>\n\n\n\n<p>          Another explanation for integrity is that, \u201cInformation has not been modified or altered without proper authorization\u201d (Dion, n.d.). What this means to me is that only people allowed to edit data should be able to. For example, as an Old Dominion University student I am allowed to log onto Canvas, participate in the class and submit assignments. I can see the grades that I have received, but I shouldn&#8217;t be able to go in and alter or change grades. That would be a breach of integrity.&nbsp;<\/p>\n\n\n\n<p>          The third and final pillar is availability. According to Chai (2022), \u201cAvailability means information should be consistently and readily accessible for authorized parties\u201d (p.2). So going back to my ODU Canvas example, what if I go to canvas.odu.edu and it says the webpage isn\u2019t available or cannot be found? That means we have lost availability. I can\u2019t access the data, and what good is it for the information to be secure if I can\u2019t even access it?&nbsp;<\/p>\n\n\n\n<p>          According to Wickramasinghe (2023), \u201cAuthentication and authorization are two key processes that ensure only trustworthy and verified users can gain access to authorized system resources and data\u201d. \u201cAuthentication is when a person\u2019s identity is established with proof and confirmed by a system. Authorization occurs when a user is given access to a certain piece of data or certain areas of a building\u201d (Dion, n.d.). They both sound very similar but mean totally different things. 
In most organizations authorization comes first. You have to be given access to the material or data by someone else. Then to access that data you have to authenticate that you are who you say you are. That can be with knowledge, ownership, characteristic, location or action. For example, when I was previously in the military, to get on base past the military police I had to have been granted access to enter, which is authorization. Then when I drove up to the gate guards I would have to authenticate who I am, which would be with a CAC card that had been issued to me or a set of orders, depending on the base.&nbsp;<\/p>\n\n\n\n<p>          I personally think that every cybersecurity analyst should be very aware of the CIA triad. Our main goal is to protect and maintain data and information. The CIA triad specifically lists out what is most important to prioritize. It is like sitting on a three-legged chair: if one leg breaks, then we will fall with it.&nbsp;<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>References<\/strong><\/p>\n\n\n\n<p>Dion, J. (n.d.). <em>Overview of Security<\/em>. <em>Udemy.com<\/em>. Retrieved September 13, 2023, from <a href=\"https:\/\/www.udemy.com\/course\/securityplus\/learn\/lecture\/12823205?start=270#overview.\">https:\/\/www.udemy.com\/course\/securityplus\/learn\/lecture\/12823205?start=270#overview.<\/a><\/p>\n\n\n\n<p>Chai, W. (2023, February 10). <em>What is the CIA triad? Definition, explanation, examples: TechTarget<\/em>. WhatIs.com. https:\/\/www.techtarget.com\/whatis\/definition\/Confidentiality-integrity-and-availability-CIA<\/p>\n\n\n\n<p>Wickramasinghe, S. (2023, June 9).<em> Authentication vs. authorization<\/em>. Splunk. https:\/\/www.splunk.com\/en_us\/blog\/learn\/authentication-vs-authorization.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to Chai (2022), \u201cConfidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/lxxle002\/2023\/11\/25\/breaking-down-the-cia-triad-and-differences-between-authentication-authorization\/\">Read More<\/a><\/div>\n","protected":false},"author":27287,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/posts\/325"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/users\/27287"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/comments?post=325"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/posts\/325\/revisions"}],"predecessor-version":[{"id":327,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/posts\/325\/revisions\/327"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/media?parent=325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/categories?post=325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/lxxle002\/wp-json\/wp\/v2\/tags?post=325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}