The CIA Triad

The CIA Triad is a model that consists of 3 things: Confidentiality, Integrity, and Availability. These 3 things contribute to the preservation and implementation of information security within an organization.

(C)onfidentiality
Confidentiality, simply put, is the safeguarding of sensitive information. It is in place to ensure that unauthorized individuals do not have access to said sensitive information. Only persons with the correct security clearance and a need-to-know should be able to access confidential information.

(I)ntegrity
Integrity “involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people” (Chai, 2022).

(A)vailability
In the context of the CIA Triad, availability means that an organization should always keep information within reach of authorized personnel and ready for their use.

Authentication vs. Authorization—What’s the Difference?

“Authentication” and “Authorization” may sound the same, but they are two very distinct concepts. Authentication is the verification of a person's identity: are you who you claim to be? An example of authentication is the DUO two-factor authentication system used right here at ODU: you first sign in with your MIDAS ID and password, and then a push or code is sent to your mobile device to verify your identity. Authorization, on the other hand, determines what an individual can and cannot access. For example, I may be authenticated to log onto a certain device but not authorized to view a specific folder or access a specific shared drive within that device.
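The distinction above as an added Python example (not part of the original post): a two-factor login is checked first, and only then is a separate deny-by-default access list consulted for the requested folder. The user names, password, secrets and folder paths are constructed, and the RFC 6238 one-time code is an assumption standing in for the second factor; it is not how DUO itself works.

```python
import hashlib
import hmac
import struct

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    # RFC 6238 time-based one-time code (HMAC-SHA1 with dynamic truncation).
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed sample data: one enrolled user and two shared folders.
SALT = b"constructed-salt"
USERS = {"student1": {"pw": hash_password("correct horse", SALT),
                      "otp_secret": b"constructed-otp-secret"}}
ACL = {"/shared/coursework": {"student1"},
       "/shared/payroll": {"hr_admin"}}

def authenticate(user: str, password: str, code: str, now: float) -> bool:
    # Authentication: is this really the claimed user? Both factors must pass.
    record = USERS.get(user)
    if record is None:
        return False
    pw_ok = hmac.compare_digest(record["pw"], hash_password(password, SALT))
    expected = totp(record["otp_secret"], now)
    code_ok = hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok

def authorize(user: str, resource: str) -> bool:
    # Authorization: may this identity touch this resource? Deny by default.
    return user in ACL.get(resource, set())

def access(user: str, password: str, code: str, resource: str, now: float) -> str:
    # Identity is established first; permissions are a separate decision.
    if not authenticate(user, password, code, now):
        return "401 not authenticated"
    if not authorize(user, resource):
        return "403 not authorized"
    return "200 ok"
```

A correct login still returns `403 not authorized` for `/shared/payroll`, which is the case the paragraph describes: authenticated to the system, but not authorized for that folder.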

Conclusion

There are many factors to consider when it comes to information security and safeguarding an organization’s most valuable assets. The CIA Triad should be used by every organization to maintain a low-risk environment against security threats, whether accidental or intentional. It is the responsibility of everyone in an organization to understand how to safeguard sensitive information and the key differences between authentication and authorization.
