Write-Up: The CIA Triad

The CIA Triad: A Guide to a Successful Organization

When it comes to running a company, data protection and security are essential. This paper discusses the benefits of the CIA Triad as a guide for keeping an organization protected. It then goes into more depth on how authentication and authorization are used within that guide and how the two differ.

The CIA Triad

The CIA Triad stands for confidentiality, integrity, and availability. The model was designed to guide policies for information security within an organization. Confidentiality is for safeguarding an organization's information; integrity is for ensuring that data is only accessible to those with a need to know. Availability means ensuring all hardware and data are maintained and repairs are readily completed. In order to implement these structures, a company should ensure their data is encrypted (authentication) and has an access control list (authorization). This will ensure that the company knows who is accessing the data and that it controls how much information is accessible to each of them.

Authentication vs Authorization

To follow the CIA Triad in practice, authentication and authorization should both be integrated. Together they ensure that only individuals with a need to know have access to the data. Both steps are crucial, and they protect an organization's security in different ways.

Authentication is completed first: the user is required to enter their credentials in order to be granted access to the organization. Access is only granted to those with valid credentials. Authorization is granted after successful authentication. Authorization only allows users to access what their credentials state they are able to access.

The difference between the two terms is that they take different approaches to securing systems and data. To illustrate the contrast, let's say an individual is a teacher at a school. They log into the grade portal and are authenticated. They are now able to access the grade book. However, since they are only a teacher, they only have authorization to view the grades of the students in their class. In other words, they were authenticated to be able to access the school's grade book, but the authorization limits access to the grade book to just the teacher's class.
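The teacher scenario above, written out as an added example that is not part of the original write-up. The account name, password, class IDs, grades, and all function names are constructed for illustration; the point is that authentication and authorization are two separate checks, and the second one runs per resource.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # example work factor (assumption, tune for your hardware)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed sample data: one teacher account and two classes' grades.
_SALT = os.urandom(16)
USERS = {
    "ms_rivera": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery", _SALT),
        "classes": {"math-7a"},  # the only class this teacher teaches
    }
}
GRADES = {"math-7a": {"alice": 91, "bob": 78}, "sci-8b": {"carol": 85}}

class AuthenticationError(Exception):
    """Identity could not be proven."""

class AuthorizationError(Exception):
    """Identity is known, but this resource is off limits."""

def authenticate(username: str, password: str) -> str:
    """Authentication: verify the credentials and return the proven identity."""
    user = USERS.get(username)
    salt = user["salt"] if user else b"\x00" * 16  # hash anyway for unknown users
    candidate = hash_password(password, salt)
    if user is None or not hmac.compare_digest(candidate, user["pw_hash"]):
        raise AuthenticationError("invalid credentials")  # same error for both cases
    return username

def view_grades(identity: str, class_id: str) -> dict:
    """Authorization: check this identity against this specific resource."""
    if class_id not in USERS[identity]["classes"]:
        raise AuthorizationError(f"{identity} may not view {class_id}")
    return GRADES[class_id]

def portal_request(username: str, password: str, class_id: str) -> dict:
    identity = authenticate(username, password)  # step 1: who are you?
    return view_grades(identity, class_id)       # step 2: may you see this?

if __name__ == "__main__":
    print(portal_request("ms_rivera", "correct horse battery", "math-7a"))
    try:
        portal_request("ms_rivera", "correct horse battery", "sci-8b")
    except AuthorizationError as exc:
        print("denied:", exc)
```

A portal that stopped after `authenticate` and returned `GRADES[class_id]` directly would let any logged-in teacher read every class, which is the gap the authorization step closes.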

Conclusion

In conclusion, the CIA Triad is beneficial because it provides a guide on how to protect against data loss and improve security within an organization. Both authentication and authorization represent the 'I' for integrity in 'CIA'. The differences between the two terms were stated to ensure they are not mistaken for each other. Authentication allows entrance when credentials are valid, and authorization ensures that the amount of access granted is only what the credential allows.

