The Illustrations of the CIA Triad and Authentication vs. Authorization

In this write-up, I first describe the CIA triad and how its three parts work best together to help a security system run smoothly while staying properly protected: ensuring that those who need access have it, that the systems have safe and reliable forms of backup protection in case errors or attacks happen, and that the right information is available to the right person at any time. I then differentiate authentication, which confirms one's identity, from authorization, which is someone being able to access the information they are permitted to view.

The CIA Triad

When a company, or other entity, needs to better learn how to protect its security systems and the valuable information they hold, it needs to look at the balance required to create a clean and consistent foundation for its security. The triad is broken down into three main parts that all coincide with each other: confidentiality, integrity, and availability. All three, if balanced properly, work hand in hand to ensure better safety for organizations. This model can be broken down into the simple idea that most organizations have certain information in their files that should only be accessed by those who need it and should have access to it, which is the confidentiality part of the triad. The integrity side covers the systems that protect all of that same information and how, if it were left accessible to the wrong person or exposed by a fault in the security system, the organization would be distraught. Finally, the availability side concerns how accessible the information or data is to the people who need to view it. The systems that keep this running smoothly are in place to ensure that information is kept organized and is readily available, in a timely and effective way, to those needing to access it.

Authentication vs. Authorization

Authentication is the act of a system confirming who is accessing the content or information requested, while authorization can be defined as the confirmation that the right person is able to access their specific permitted data or information.

Authentication examples could include the Face ID on most devices nowadays, the usernames that are created specific to you, and even the use of a valid ID in required places. On the other hand, authorization examples are as simple as who you give access to view or edit a document, managers deciding who gets access to the company's asset information, or who can change settings on your home alarm system.
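
The distinction above as an added Python example (not part of the original write-up): `authenticate()` confirms identity from a password, and `authorize()` separately checks what that identity may do to a document. The user names, passwords, file name and permission table are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example


def derive(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored credentials are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt)}


# Constructed sample data: who exists (authentication) ...
USERS = {"alice": make_user("correct horse"), "bob": make_user("battery staple")}
# ... and what each identity may do to each document (authorization).
ACL = {"budget.xlsx": {"alice": {"view", "edit"}, "bob": {"view"}}}


def authenticate(username: str, password: str) -> bool:
    """Authentication: is this really the user they claim to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown names so response time
        # does not reveal which usernames exist.
        derive(password, b"\x00" * 16)
        return False
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(derive(password, user["salt"]), user["hash"])


def authorize(username: str, document: str, action: str) -> bool:
    """Authorization: default deny unless the action was explicitly granted."""
    return action in ACL.get(document, {}).get(username, set())


def request(username: str, password: str, document: str, action: str) -> str:
    # Identity is always established before permissions are consulted.
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, document, action):
        return "403 not authorized"
    return "200 ok"
```

Bob with the correct password is authenticated but still refused an edit, which is the case where the two checks give different answers.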
