CIA Triad
Cybersecurity is a rather broad term, both in its definition and uses. However, at its core,
cybersecurity is the practice of protecting systems, networks, and data. With the vast
development of technology and the growing number of individuals with access to the internet,
cybersecurity proves its importance in keeping users protected. There are key principles and
practices that ensure not only the safety of data but also the proper control over who can access it
and what they can do with said data.
These key domains of cybersecurity are known as confidentiality, integrity and
availability. Also known as the CIA triad, this model makes up the foundation of cybersecurity.
In short, confidentiality limits access to information, integrity maintains the quality and
trustworthiness of data, and availability is the promise of consistent access to information by
authorized users (Chai, 2022, pg.1).
Confidentiality
Confidentiality is a guarantee that data remains private. For this to be possible,
access is given only to authorized personnel. Data is often classified by how sensitive
and/or vulnerable it is, which allows for the proper protocol to be utilized. Some of these
protocols include data encryption, two-factor authentication or even employee training. An
example of this would be a banker having access to a client’s information after being given the
proper authorization. Unlike the banker, no other employees would be able to access or see this
data.
Integrity
Integrity ensures that all data maintains consistency, accuracy and trustworthiness, while
also guaranteeing the ability to transfer data without it being altered or stolen (Chai, 2022, pg.2).
For example, part of a hospital’s duty is maintaining the integrity of a patient’s data, which is
achieved by limiting the number of personnel who hold the ability to alter and/or access
medical records. Integrity relies on all data being authentic, accurate and reliable.
Availability
Availability keeps all data accessible for all authorized individuals. Maintaining the systems,
protocols and hardware needed for access is critical. Data backups, backup power in
the case of blackouts or EMP, and general maintenance of all systems which contain data ensure
availability to all users. Cloud backups are often used to maintain availability when individuals
or businesses want to switch devices or networks.
Authentication & Authorization
Authentication and authorization play a vital role in ensuring that the CIA triad is
upheld, both tying directly into the protocols utilized by the triad. It’s important to understand the
distinction between the two concepts. Authentication verifies the identity of the user to ensure
confidentiality by making sure that only authorized users have access to data. Authorization
defines what an authenticated user can do. It can protect integrity by preventing unauthorized
changes to data, and it also helps ensure availability by controlling access and preventing misuse
from unauthorized users.
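The distinction above can be seen in a short sketch that keeps the two checks separate, using the hospital record scenario from the Integrity section. This is an added example, not part of the original essay; the user names, roles, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value; tune for your hardware)

# Constructed sample data: role names, users and passwords are illustrative.
ROLE_PERMISSIONS = {"physician": {"read", "alter"}, "receptionist": {"read"}}

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(role: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pw_hash": hash_password(password, salt)}

USERS = {
    "dr_lee": make_user("physician", "constructed-pass-1"),
    "front_desk": make_user("receptionist", "constructed-pass-2"),
}
_DUMMY = make_user("none", "unused")  # keeps the work equal for unknown usernames

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username, _DUMMY)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    return matches and username in USERS

def authorize(username: str, action: str) -> bool:
    """Authorization: may this (already authenticated) user perform the action?"""
    user = USERS.get(username)
    return user is not None and action in ROLE_PERMISSIONS.get(user["role"], set())

def access_record(username: str, password: str, action: str) -> str:
    # Identity is checked first; permissions only matter once identity is proven.
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized"
    return f"allowed: {action}"

if __name__ == "__main__":
    print(access_record("dr_lee", "constructed-pass-1", "alter"))
    print(access_record("front_desk", "constructed-pass-2", "alter"))
    print(access_record("front_desk", "wrong-password", "read"))
```

The receptionist authenticates successfully but still cannot alter a record, which is the integrity control the hospital example describes.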
Final Thoughts
With the need for cybersecurity growing by the minute, it’s important to understand the
fundamental concepts that define cybersecurity. The CIA triad provides the guidelines needed to
ensure data remains safe. It is more than just a guideline; it is a path to
continue developing new cybersecurity protocols and procedures.
References and Citations
https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view