Write-Up: The CIA Triad

Prompt

Describe the CIA Triad, and the differences between Authentication & Authorization, including examples of each.

This write-up describes what the CIA triad is, explains the difference between authentication and authorization, and provides examples to help explain each topic. The CIA triad is a set of three concepts that form the baseline for protecting information. The difference between authentication and authorization is that authentication is verifying a person’s identity, while authorization is allowing a person access to resources only up to what they are permitted.

The Triad

The CIA triad consists of three ideas that, when combined, make up the current guidelines for information security: confidentiality, integrity, and accessibility. Confidentiality is the idea of preventing non-authorized people from seeing sensitive information. An example of confidentiality is restricting permissions on a folder so that non-authorized people cannot see its contents. Integrity is the idea of making sure that the information is accurate and correct. An example is setting a file to read-only permissions so that no one can tamper with the file. Lastly, accessibility is the idea of ensuring that the information is accessible to the authorized people whenever they may need it. An example of accessibility is making sure that a company’s servers are always online so that employees can access the resources and information. The CIA triad “helps organizations ask focused questions about how value is being provided in those three key areas” (Hashemi-Pour & Chai, 2023).

Authentication vs. Authorization

Authentication is the act of verifying that a person is who they claim to be, while authorization is giving a user access to certain resources according to what they are allowed to do. An example of these two would be a locked server room in a company building: while the room is there for anyone to see, only a few people, such as managers or supervisors, would know the passcode to enter the room, as they are authorized to do so. To prevent unauthorized people who may know the passcode from entering the room, the room may also have an ID scanner that requires a valid ID card to be scanned: since it would be incredibly difficult for an imposter to steal a valid ID card, this would prove the identity of the person, otherwise known as authentication.
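The server-room scenario above, as an added example that is not part of the original write-up: the badge ids, badge secrets, roles and room passcode are constructed sample values, and the two checks are kept as separate functions so that a denial shows which of the two failed.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample data for the scenario: badges the company has issued
# (badge id -> holder's name and SHA-256 hash of the badge secret), each
# employee's role, and which roles may enter the server room.
def sha256_hex(secret: str) -> str:
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

ISSUED_BADGES = {
    "badge-1001": ("alice", sha256_hex("alice-badge-secret")),
    "badge-1002": ("bob", sha256_hex("bob-badge-secret")),
}
ROLES = {"alice": "manager", "bob": "intern"}
SERVER_ROOM_ROLES = {"manager", "supervisor"}
SERVER_ROOM_PASSCODE_HASH = sha256_hex("7391")

def authenticate(badge_id: str, badge_secret: str) -> Optional[str]:
    """Authentication: prove the badge is genuine and return the holder's name.
    The presented secret is compared to the issued record in constant time,
    so a forged card with a guessed secret does not pass."""
    record = ISSUED_BADGES.get(badge_id)
    if record is None:
        return None
    name, expected_hash = record
    if hmac.compare_digest(sha256_hex(badge_secret), expected_hash):
        return name
    return None

def authorize(name: str, passcode: str) -> bool:
    """Authorization: an authenticated person may enter only if their role is
    on the room's list and they present the room passcode."""
    if ROLES.get(name) not in SERVER_ROOM_ROLES:
        return False
    return hmac.compare_digest(sha256_hex(passcode), SERVER_ROOM_PASSCODE_HASH)

def request_entry(badge_id: str, badge_secret: str, passcode: str) -> str:
    """Run the two checks in order and report which one stopped the request."""
    name = authenticate(badge_id, badge_secret)
    if name is None:
        return "denied: authentication failed"  # we do not know who this is
    if not authorize(name, passcode):
        return "denied: not authorized"  # we know who it is, but not for this room
    return f"granted: {name}"

if __name__ == "__main__":
    print(request_entry("badge-1001", "alice-badge-secret", "7391"))  # manager, valid card
    print(request_entry("badge-1002", "bob-badge-secret", "7391"))    # intern who knows the passcode
    print(request_entry("badge-1001", "guessed-secret", "7391"))      # forged card
```

The second and third calls are both denied, but for different reasons: the intern is authenticated yet not authorized, while the forged card never gets past authentication.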

Conclusion

The CIA triad is a very important part of information security. It is critical that all three parts of the triad are considered, as missing even one can be a fatal mistake for an individual, group, or company when trying to protect information. Similarly, it is important to have both authentication and authorization, as without either of them, all information would be accessible to anyone.

References

Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA triad?: Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on
