CIA Triad Overview

The CIA Triad stands for Confidentiality, Integrity, and Availability. These three principles
help protect data in a secure system:

1. Confidentiality
Confidentiality means keeping information private and accessible only to people
who have permission to see it. For example, an online store keeps customer credit card
details secret, and only the person who owns the card should be able to see that
information.

2. Integrity
Integrity ensures that data stays accurate and has not been changed by anyone who
should not have access to it. For example, when someone makes an online purchase, the
transaction data should not be tampered with. If that data were changed, it could
cause problems or lead to fraud.

3. Availability
Availability means making sure that data and systems are ready to be used whenever
they are needed. For example, if a business’s website crashes during a big sale,
customers cannot make purchases. To keep things running smoothly, businesses use
backups and regular system maintenance to make sure their systems stay available.

Authentication vs. Authorization

Although both authentication and authorization are important, they are different steps in
securing a system:

Authentication
Authentication is the process of proving who you are. It’s like showing ID when you
enter a building. This can be done through something you know (like a password),
something you have (like a phone), or something you are (like a fingerprint). For
example, when you log into your email with a username and password, you’re
authenticating yourself.

Authorization
Authorization happens after authentication. Once the system knows who you are, it
checks what you’re allowed to do. For example, you might log into a company’s
system, but depending on your job role, you may only be able to access certain
files. This is authorization — it controls what you can see and do after you’re
authenticated.

Example of Authentication and Authorization

Let’s say you’re logging into an online banking system:
1. Authentication: When you enter your username and password, the system checks whether
the details match its records. This is authentication — confirming who you
are.

2. Authorization: After you’re authenticated, the system checks what actions you can
take. If you’re a regular user, you might only be able to check your balance. But if
you’re a bank admin, you might have access to more sensitive data. This is
authorization — controlling what you can do after logging in.
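The two steps above, written out as code. This is an added example, not code from the original post: it assumes a constructed in-memory user table (two demo accounts, "alice" as a customer and "bob" as an admin) with salted PBKDF2 password hashes, and a role-to-permission map that stands in for the bank's authorization policy.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed demo accounts; a real system keeps these in a database.
USERS = {
    "alice": _make_user("correct horse", "customer"),
    "bob": _make_user("battery staple", "admin"),
}

# Authorization policy: the actions each role is allowed to perform.
PERMISSIONS = {
    "customer": {"view_balance"},
    "admin": {"view_balance", "view_all_accounts", "freeze_account"},
}


def authenticate(username: str, password: str):
    """Step 1: prove who you are. Returns the user's role, or None on failure."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        _hash_password(password, os.urandom(16))
        return None
    candidate = _hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return None
    return record["role"]


def authorize(role: str, action: str) -> bool:
    """Step 2: decide what an already-authenticated user may do."""
    return action in PERMISSIONS.get(role, set())


def handle_request(username: str, password: str, action: str) -> str:
    """Authentication always runs before authorization; each failure is distinct."""
    role = authenticate(username, password)
    if role is None:
        return "401 authentication failed"
    if not authorize(role, action):
        return "403 not permitted for role " + role
    return "200 " + action + " performed"
```

Note that a wrong password and a forbidden action produce different outcomes: the first means the system does not know who you are, the second means it knows exactly who you are and still says no.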

Conclusion

The CIA Triad (Confidentiality, Integrity, Availability) is a basic but important set of principles
for ensuring data security. Authentication and authorization are the steps used to protect data and
systems by confirming who a user is and what they are allowed to do. Together, these
principles and practices help keep information safe and secure in any organization.