The CIA Triad and Access Control in Cybersecurity

At its core, the CIA Triad serves as the foundational framework of cybersecurity by shaping
how organizations protect information systems through a balance of confidentiality,
integrity, and availability. Confidentiality functions as privacy in the digital world by
establishing rules that limit access to sensitive data (Chai 2). Practices such as multi-factor
authentication and data encryption allow organizations to effectively secure sensitive
information. Integrity ensures that data remains accurate and trustworthy by protecting it
from being tampered with (Chai 4). Organizations implement access controls and
permissions to detect and prevent unauthorized changes to sensitive data (TechTarget).
Availability allows authorized personnel to have reliable access to systems and their data
when needed (Chai 4), supported by regular maintenance, system updates, and recovery
planning that minimize downtime (TechTarget). When these principles are treated as an
integrated system rather than separate concepts, organizations are better equipped to
maintain a secure environment.

While authentication and authorization both support the CIA Triad, they perform different
roles in securing systems. Authentication is the process of verifying a user’s identity by
answering the question, “Who are you?” For example, access to the DFAS (Defense Finance
and Accounting Service) portal requires service members to authenticate using a Common
Access Card (CAC) or a username and password. Authorization follows authentication and
determines what an authenticated user is permitted to access by answering the question,
“What are you allowed to do?” After logging in, a service member may be authorized to view
pay statements, while only finance personnel are authorized to manage pay records. Together, these concepts support effective
cybersecurity by ensuring secure, reliable, and appropriate access to information systems.
