The CIA triad is integral to information systems and the cornerstone of digital security. CIA stands for confidentially, integrity, and availability, which are all part of the information framework. Confidentiality is data protection using encryption, access controls, or physical keys. Integrity generally refers to how well the data can be trusted. This also means ensuring the data has not been tempered and is entirely legitimate. This part may also include things such as backups and cloud security services. Availability is the last, and this part of the triad ensures all systems are running healthy and are monitored. Within the framework of CIA, there are two significant components: authentication and authorization.
Let’s delve into the practical application of the CIA triad in the banking system. When a customer logs in, they must use a username and password for authentication. Once the system verifies the correct credentials, the user is granted authorization to their account and services. This authentication and authorization process is a prime example of how the CIA triad is implemented in the banking sector, enlightening us about its crucial role. The CIA triad ensures that the customer’s data is kept confidential, the integrity of the data is maintained, and the services are always available. This is why Chai’s Understanding of Confidentiality is essential because using 2-factor authentication can help users up security measures and prevent more hacking or data breaches. “Two-factor authentication is becoming the norm.” (Chai, 2022, pg 3) This is correct; nowadays, Two-factor authentication is standard practice for most apps that hold sensitive information, such as banks, schools, car insurance apps, home security, and even social media. This utilization of Two-Factor authentication truly helps boost the protection of our information, especially as the world continues to develop. Following this, we can explore more about what the triad can do for the banking world, such as utilizing a credit card as an authorized user. To use the credit card as their own, the person being issued an authorized user card needs permission and must gain access through authentication from the primary cardholder and the respected bank. Once the process is finished and the authentication is completed, it becomes authorized, allowing the user to use the card for purchases or other transactions within specific limits and conditions set by the primary cardholder. To think about this on a deeper level, authentication is all about confirming who you are, whereas authorization is for confirming what you can do.
The healthcare sector is another vital aspect of the CIA’s role. The CIA triad, with its focus on confidentiality, integrity, and availability, has significantly contributed to innovations and better healthcare. PHI (Protected Health Information) refers to a person’s records that need protection. It’s not just the records, of course, but the machines that hospitals use generally must stay connected to a whole mainframe of servers and databases. These allow machines like heart rate monitors, ventilators, and other vital systems to communicate. As we look to the present and the future, telehealth is already becoming a positive outreach to patients. Telehealth uses integrity to ensure the data that is being transmitted is secure, while availability ensures that the connection, devices, and applications are reliably connected. Authorization within the health sector can mean anything from the patient’s biometrics to the doctor’s iris scan for sensitive documents. These allow susceptible info to be authorized access to records. Overall, the health industry has used the CIA triad to further innovations, increase medicine production, and ultimately provide better healthcare, making us feel secure about our health data.
Education institutions are another large sector in which the CIA is used. If we take the example of a university, they store records, personal information, academics, and finances. These data types are stored on the vast networks of the university’s databases. These records are then used by resource offers, advisors, and even people within the financial aid department. Canvas for students is a good of allowing a centralized system for students to connect with professors. This enables a streamline of content work such as homework, quizzes, and interactive content. The CIA triad plays a crucial role in ensuring the safety of this data, providing reassurance about the safety of our academic and personal data.
Chai’s article states that the CIA Triad is crucial as it is a prominent “principle in cybersecurity and is known as the most important concept within Information security” (Chai, 2022, pg 2). The three components of the CIA Triad, Confidentiality, Integrity, And Availability, can be found everywhere in educational institutions. Confidentiality can serve as a way for data handling and privacy by using unique identifiers for student IDs due to the nature of everyone having personalized code unique to them and only being able to access it through authorized channels. Integrity is needed to take security measures, such as knowing who can access the data. Finally, availability is a preventive measure that allows encrypted data to remain accessible even during failure. This can be seen through the encryption of everyone’s university ID, enabling you to utilize dormitory access, dining, building access, and more.
When considering this more, universities utilize the primary functions of authorization and authentication regarding students’ ID cards. Everyone has a different and unique card number which is registered to their accounts; anytime a student tries to log into their school page, such as Leo online, every interaction uses authentication to ensure that the person logging into their account is the person the account is under and not having another individual stealing information or getting access into another personalized account and records. This helps boost security and protects any sensitive data, like records or financial information, from unauthorized users. Each card is programmed and encrypted to work differently per the user’s information and data alongside their unique identifiers.
Although many people use these two terms interchangeably, it is essential to remember that there are some differences. Authentication is verifying the identity of a user. At the same time, authorization determines what a user can do once their identity is confirmed. Together, these two helps uphold the confidentiality, integrity, and availability that make up the CIA. Both are fundamental mechanisms that ensure our data and information are secure and protected. With a clear understanding of these concepts, we can mitigate the risk of hackers and data breaches, empowering us with the knowledge to protect our data.
References
Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. Perusall.com. https://app.perusall.com/courses/202410_cyse200t_16515-cybersecurity- technol-society/what-is-the-cia-triad_-definition-explanation-examples- techtarget?assignmentId=RcpjA5gnmdQxgPsYp&part=1
“What Is the CIA Triad and Why Is It Important?” Fortinet, www.fortinet.com/resources/cyberglossary/cia-triad. Accessed 22 Sept. 2024.