CIA Triad


Research on the CIA triad shows that it has nothing to do with the CIA at all. The CIA triad is just a set of principles that information security follows. Josh Fruhlinger talked about this in his article on the CIA triad. CIA is actually an acronym for confidentiality, integrity, and availability. Confidentiality is used to make sure that users of the interface are protected and properly authorized to access and change certain data. Integrity is needed to make sure that data is modified, maintained, and accessed in a proper state, and that nobody unauthorized is able to access and modify data in a malicious or accidental way. Lastly, availability is important because it allows the right people, those who meet the first two criteria, to access the data whenever they need to.

Fruhlinger states in the article that the CIA triad has no dedicated founder or specific day on which it was created; rather, it was formed over time as a point of reference that information security people could look back to in a time of need. It is crucial to treat the infosec principles as ideas that are linked together rather than as individual ideas. This is because it gives you a second point of view that is known to work, so that when you are taking on information security problems, you are able to break them down efficiently.

Fruhlinger also goes on to talk about authentication. Authentication can best be described as a security measure where the user is required to pass a second level of security, such as a password or biometrics. It is also important because it can determine who has the proper authority to access certain information. The key takeaway is that authentication is a necessity: you do not want to give the wrong person access to information, and it also protects the information security team from having to deal with an issue.

The best way to explain authentication and authorization is a situation where a new intern or employee is given an account by the company that hired them. They would need to enter their password, which shows what they have access to; that is their authentication. However, they would not have the same level of authorization as someone who is higher up in the company, because they were given a lower level of authorization, which grants them access to lower-level information.
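The intern scenario above, as an added example that is not part of the original post: a password check (authentication) followed by a clearance-level check (authorization). The account names, passwords, clearance levels and document names are constructed for illustration, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles, clearance levels and documents are assumptions.
LEVELS = {"intern": 1, "manager": 3}
DOCUMENTS = {"onboarding-guide": 1, "salary-report": 3}  # minimum level to read

def hash_password(password, salt):
    # Salted, slow hash so stored credentials are not plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(role, password):
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "hash": hash_password(password, salt)}

ACCOUNTS = {
    "new_intern": make_account("intern", "intern-pass-constructed"),
    "dept_head": make_account("manager", "manager-pass-constructed"),
}

def authenticate(username, password):
    """Authentication: is this user who they claim to be?"""
    account = ACCOUNTS.get(username)
    if account is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return None
    candidate = hash_password(password, account["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return account if hmac.compare_digest(candidate, account["hash"]) else None

def authorize(account, document):
    """Authorization: may this already-authenticated account read the document?"""
    required = DOCUMENTS.get(document)
    if required is None:
        return False  # unknown resources are denied by default
    return LEVELS[account["role"]] >= required

def read_document(username, password, document):
    account = authenticate(username, password)
    if account is None:
        return "denied: authentication failed"
    if not authorize(account, document):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(read_document("new_intern", "intern-pass-constructed", "onboarding-guide"))
    print(read_document("new_intern", "intern-pass-constructed", "salary-report"))
```

The intern passes authentication in both calls, but only the first request is within their authorization level.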
