The CIA Triad is the foundation of information security. It provides the three building blocks of what good security means. Without the CIA Triad model, security would not be where it is today. However, the CIA Triad does need to be updated because, with technology and attacks changing daily, it will soon be vulnerable and will no longer be relied upon.
What is the CIA Triad?
The CIA Triad, not to be confused with the Central Intelligence Agency, is a security model that consists of three components: confidentiality, integrity, and availability. Confidentiality means the protection of information from unauthorized disclosure. Integrity means the protection of information from unauthorized modification. Availability means the ability of authorized users to access information when needed. The three components of the CIA Triad form the foundation of information security.
What is Authentication?
According to the CSRC glossary (Authentication – glossary: CSRC 2023), authentication means “Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.” In simpler terms, it means that you need to have the right credentials to be permitted to access an application or device. As an example, when you go to unlock your iPhone, it needs to scan your face or fingerprint. That is authentication, and without it, all our data would be at risk.
What is Authorization?
According to the CSRC glossary (Security authorization – glossary: CSRC 2023), authorization means “The right or a permission that is granted to a system entity to access a system resource.” This is the next step after authentication to access your information. If your authentication fails, then authorization will not happen.
Differences between Authentication and Authorization
The key difference between authentication and authorization is that one verifies identity, and the other either denies or grants access. Authentication happens before authorization. During authentication, the device or application needs to verify that the person logging in is who they claim to be. Next, authorization occurs, and most of the time access will be granted if authentication passes. However, if authentication fails, then authorization will not happen.
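The ordering described above can be seen in a small access gate. This is an added example, not part of the original essay; the user names, passwords, resources and function names are all constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this sketch

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample data: user -> (salt, stored password hash)
USERS = {
    "alice": (b"salt-alice", _hash("correct horse", b"salt-alice")),
    "bob": (b"salt-bob", _hash("battery staple", b"salt-bob")),
}
# Constructed permissions: user -> set of (resource, action) pairs
PERMISSIONS = {
    "alice": {("payroll.csv", "read"), ("payroll.csv", "write")},
    "bob": {("handbook.pdf", "read")},
}

def authenticate(username: str, password: str):
    """Authentication: verify identity. Returns the identity or None."""
    salt, stored = USERS.get(username, (b"no-such-user", b""))
    candidate = _hash(password, salt)  # hash even when the user is unknown
    if hmac.compare_digest(candidate, stored):  # constant-time comparison
        return username
    return None

def authorize(identity: str, resource: str, action: str) -> bool:
    """Authorization: is this verified identity permitted to do this?"""
    return (resource, action) in PERMISSIONS.get(identity, set())

def request_access(username, password, resource, action) -> str:
    identity = authenticate(username, password)
    if identity is None:
        # Authentication failed, so authorization is never evaluated.
        return "denied: authentication failed"
    if not authorize(identity, resource, action):
        # Identity is verified, but the permission was not granted.
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(request_access("alice", "correct horse", "payroll.csv", "read"))
    print(request_access("alice", "wrong guess", "payroll.csv", "read"))
    print(request_access("bob", "battery staple", "payroll.csv", "read"))
```

The third call is the case worth noting: bob authenticates successfully, yet the request is denied because authorization is a separate decision.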
Conclusion
In conclusion, the CIA Triad is a very important building block in the foundation of IT and cybersecurity. Without it, organizations would be losing thousands of pieces of data every day because there would be no confidentiality, integrity, or availability when it comes to the protection of data. However, it does need to be updated so it can continue to be relied upon as the key factor in IT security. While the CIA Triad is important for cybersecurity, authentication and authorization cannot be forgotten either. Without these two necessities, data leaks would be another problem for organizations and personal devices.
References
Chai, W. (2022, June 28). What is the CIA triad? definition, explanation, examples – TechTarget. WhatIs.com. Retrieved January 24, 2023, from https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Editor, C. S. R. C. C. (n.d.). Authentication – glossary: CSRC. CSRC Content Editor. Retrieved January 24, 2023, from https://csrc.nist.gov/glossary/term/authentication#:~:text=Definitions%3A,resources%20in%20an%20information%20system.
Editor, C. S. R. C. C. (n.d.). Security authorization – glossary: CSRC. CSRC Content Editor. Retrieved January 24, 2023, from https://csrc.nist.gov/glossary/term/security_authorization#:~:text=The%20right%20or%20a%20permission,to%20access%20a%20system%20resource.