Introduction

The CIA Triad is one of the most important foundations of cybersecurity. It helps organizations protect their information and systems through three core principles: confidentiality, integrity, and availability. This model is designed to guide information security policies within organizations.

These concepts are not only used in large companies but also in everyday tools that we use as students, such as university portals, email, and online banking systems.

Confidentiality, Integrity, and Availability

The CIA Triad stands for Confidentiality, Integrity, and Availability, which together form the core of information security.

Confidentiality means that information is kept private and only accessible to authorized users. Organizations use passwords and encryption to protect sensitive data.
As students, we experience confidentiality every day when logging into the ODU portal. Security measures ensure that no one else can access personal information such as grades, financial data, or account details.
Integrity ensures that data remains accurate, complete, and unchanged unless properly modified by an authorized user.
For example, when submitting an assignment online, I trust that the file will not be altered and that my professor receives exactly what I submitted. In organizations, cybersecurity teams monitor system changes and maintain logs to prevent errors or unauthorized modifications. Even small mistakes, like incorrect settings, can disrupt entire systems.
Availability means that systems and information are accessible whenever authorized users need them.
A real example is the October 2025 AWS outage, when many platforms, including Canvas, became temporarily unavailable. Students could not submit assignments or check deadlines, and professors could not upload materials. This shows how critical system availability is, as even short disruptions can affect productivity and cause stress.

Authentication and Authorization

Today, most daily activities require logging into accounts—whether it’s email, school platforms, or banking systems. This is where authentication and authorization play key roles in cybersecurity.

Authentication is the process of verifying a user’s identity. This can include passwords, PINs, or multi-factor authentication.
For example, when logging into my university account, I must confirm my identity through Duo Security on my phone.
Authorization occurs after authentication and determines what a user is allowed to access or do.
Different users have different permission levels. For instance, I can view my grades and courses, but I cannot modify official academic records. Professors and administrators have higher levels of access. This separation helps protect sensitive information and prevents unauthorized changes.

Conclusion

The CIA Triad provides a strong framework for protecting information by focusing on privacy, accuracy, and accessibility. Understanding the difference between authentication and authorization adds another important layer of security.

These principles are not just theoretical—they are part of the systems we use every day as students and internet users. Learning about them helps us better understand how cybersecurity works and why it is essential for both organizations and individuals.