The CIA Triad is used as a basis for creating policies that keep the information of an organization or business entity secure. Built on the three fundamental elements of cybersecurity, which are confidentiality, integrity, and availability, the CIA Triad has become the staple of information security. The CIA Triad, as well as the concepts of authorization and authentication, will remain relevant in the cyber world as technology advances.
The Three Fundamental Principles
Not to be confused with the Central Intelligence Agency, the CIA in CIA Triad stands for confidentiality, integrity, and availability. These three concepts were recognized together in 1998, and are viewed as the most important fundamentals in cyber security (Chai, 2022). Confidentiality relates to the privacy of information. It involves implementing protective measures, such as passwords, locks, and tokens, that keep unauthorized users from accessing information (Coursera, 2023). As for integrity, cyber security professionals must ensure data remains consistent and unchanged throughout its lifetime (Chai, 2022). Finally, there is availability, which refers to the accessibility of information and the maintenance of hardware that displays said information (Chai, 2022). These three fundamentals are the basis of all cyber security operations. They can be used to plan, identify problems, and solve issues in order to create a secure network.
Authorization vs Authentication
Authorization and authentication are two essential terms in the cyber world. They are similar in the sense that both relate to the security of information, and a secure system needs both of them to protect information. The difference between the two terms lies in their specific purposes. Authorization refers to the files and information an individual has permission to access (SailPoint, 2023). For instance, in a workplace setting, an investigator would be authorized by a higher authority, likely their employer or supervisor, to access classified files on a federal case. Authentication refers to confirming an individual’s identity (SailPoint, 2023). For example, one element of confidentiality from the CIA triad is two-factor authentication (Chai, 2022). Two-factor authentication requires a second factor in addition to a username and password before an individual can log into an account. One of the most common forms of two-factor authentication is a numerical code, sent to the account holder’s phone number or email, that expires after a set amount of time. This way, if an unauthorized user obtained an individual’s username and password, they would still be unable to access the account because they would not have the quickly expiring code. The relationship between authorization and authentication is essential to creating a safe and secure network.
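The following Python sketch is an added example, not taken from the sources cited here. It shows the expiring code described above as an authentication step, alongside a separate authorization check. The five-minute lifetime, the attempt limit, the user names, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300  # assumed lifetime; "a set amount of time" in the text
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued code

# Constructed sample data: which user may read which file (authorization).
PERMISSIONS = {"investigator": {"case-file"}, "intern": set()}

_pending = {}  # username -> [code_digest, expires_at, attempts_left]


def _digest(code):
    # Fixed-length bytes, so the comparison below works for any input string.
    return hashlib.sha256(code.encode()).digest()


def issue_code(username, now):
    """Create a 6-digit code for a user whose password was already checked."""
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[username] = [_digest(code), now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
    return code  # sent to the phone or email, never shown on the login page


def verify_code(username, code, now):
    """Authentication: True only for an unexpired, unused, matching code."""
    entry = _pending.get(username)
    if entry is None:
        return False
    code_digest, expires_at, attempts_left = entry
    if now >= expires_at or attempts_left <= 0:
        del _pending[username]  # expired or guessed too often
        return False
    if hmac.compare_digest(code_digest, _digest(code)):
        del _pending[username]  # single use: a replayed code fails
        return True
    entry[2] -= 1
    return False


def is_authorized(username, resource):
    """Authorization: what an already authenticated user may access."""
    return resource in PERMISSIONS.get(username, set())
```

An account can pass `verify_code` and still be refused by `is_authorized`, which is the distinction this section draws.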
Conclusion
The CIA Triad uses the foundational concepts of confidentiality, integrity, and availability to create a secure framework for cybersecurity professionals. These concepts, along with the use of authorization and authentication, have created security not just for professionals but for every individual in society. Individuals use authorization in their workplaces to ensure the security of information, and the average person can use authentication on accounts such as banking and social media. Closely following these ideas will likely protect company networks and personal accounts alike for the foreseeable future.
References
Chai, W. (2022, June 6). What is the CIA triad (confidentiality, integrity and availability)? TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA.
What Is the CIA Triad? (2023, July 20). Coursera. https://www.coursera.org/articles/cia-triad.
What is the difference between authentication and authorization? (2023, March 3). SailPoint. https://www.sailpoint.com/identity-library/difference-between-authentication-and-authorization/.