Nicholas Robertson
CIA Triad Write-up summary
The CIA triad is a comprehensive three-part security guideline established to guide companies in protecting their information.
CIA Triad overview
The CIA Triad is an acronym that stands for confidentiality, integrity and availability. It is a set of guidelines that helps companies and organizations protect their information from unauthorized personnel. A company’s data is one of, if not the, most important assets that company has, and it is the backbone of any organization. If stolen or compromised in any way, it can kill a company in an instant and put many of its employees out of a job. We will go over each of these points, explain them, and discuss the difference between authentication and authorization.
Confidentiality
Confidentiality is the practice of concealing a company’s or organization’s sensitive information from anyone who is not authorized to view it. This also covers information within the company that other employees are not allowed to view because it falls outside their field of work. For example, the CPO (chief product officer) might want to see a current company issue that could impact the supply chain of products, or the projected sales plan for the upcoming quarter, so that they can better prepare their finances and budget accordingly to avoid overspending. This is information that only the CPO, CFO, CEO, etc. are allowed to access, because if it were to get out it could be used against the company. To give another example of confidential information being used against a company, imagine that Home Depot was having a sale on power tools for the upcoming holiday, and the event was supposed to start on 10/15/2022 and last until 11/1/2022. If this information got out to their competitor Lowe’s, Lowe’s could start their own sale a week or two earlier and try to capture any customers who might need a tool sold in both stores, such as DeWalt. This would in turn hurt Home Depot’s sales of DeWalt tools and lower their estimated sales projections.
Integrity
Integrity is the process of keeping data from being changed or altered by unauthorized individuals. To ensure that the information in certain documents and on websites is correct, methods such as “hashing, encryption, digital certificates, or digital signatures” should be used in an attempt to “insure the integrity of your data.” (Fortinet.com, 2022). In certain cases, websites need to be verified as well, to ensure that the information on the site portrays the company in a correct and factual light. In these cases “you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website.” (Fortinet.com, 2022) Doing this presents the business in a more trustworthy light to any future investors and partners that might want to do business with it. You can think of integrity as almost the brand image of the company: it is the information that has to be correct in order for anyone to trust you. An example would be a small start-up tool company approached by a distributor like Home Depot that wants to sell the tools as an exclusive in its stores. Before going through with the deal, Home Depot needs to look at the overall sales and projected sales for the product to judge whether it would be a worthwhile acquisition. The tool company gives them the information, but all of it is wrong: it was inflated to make the company look better and guarantee a spot in the stores, when in reality its sales were tanking. Home Depot buys them, their products are in the store, sales start to tank and Home Depot starts losing money. Home Depot later finds out that the information it was given was not truthful, so it gets rid of the products and vows never to work with the company again, pretty much destroying the company’s reputation in the end.
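As an added illustration of the hashing and digital-signature methods the paragraph cites (example code written for this write-up, not taken from the Fortinet source), the snippet below shows how a distributor can detect whether a sales report was altered after the supplier signed it. The company name, figures and shared key are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed sample: the sales report a supplier hands to a distributor.
# Company name and figures are made up for this example.
REPORT = {"company": "ExampleTools", "quarter": "Q3 2022",
          "units_sold": 12000, "revenue_usd": 840000}

# Key shared between the two parties; placeholder value, assumed to be
# exchanged out of band.
SECRET_KEY = b"placeholder-shared-secret"

def canonical_bytes(report: dict) -> bytes:
    # Sorted keys and fixed separators so equal data always gives equal bytes.
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()

def sha256_digest(report: dict) -> str:
    # Plain hash: catches accidental corruption, but anyone who alters the
    # report can simply recompute it, so it does not stop deliberate edits.
    return hashlib.sha256(canonical_bytes(report)).hexdigest()

def sign_report(report: dict, key: bytes) -> str:
    # Keyed hash (HMAC): only a key holder can produce a matching tag, so an
    # edit made by anyone else is detected at verification time.
    return hmac.new(key, canonical_bytes(report), hashlib.sha256).hexdigest()

def verify_report(report: dict, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking where the comparison first differs.
    return hmac.compare_digest(sign_report(report, key), tag)

def demo() -> tuple:
    """Sign the genuine report, then check an inflated copy against the tag."""
    tag = sign_report(REPORT, SECRET_KEY)
    genuine_ok = verify_report(REPORT, tag, SECRET_KEY)
    inflated = dict(REPORT, units_sold=25000, revenue_usd=1750000)
    inflated_ok = verify_report(inflated, tag, SECRET_KEY)
    return genuine_ok, inflated_ok
```

Note that this only detects alteration after signing; it cannot tell whether the figures the signer put into the report were honest in the first place, which is the separate trust problem the paragraph's Home Depot example describes.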
Availability
Availability means having information readily available for authorized personnel to view at a moment’s notice. This extends to the hardware side as well: computers, projectors, monitors, hard drives, etc. Anything that can be used to view the needed information is taken into account and is expected to work when the time comes to use it. A simple example would be a stakeholder who needs to see the current financial state of the company, but none of the information is available for them to view because the computers are down or need to be updated. In the process of getting everything up and ready to use, you waste their time and your resources fixing hardware on the fly, when it should have been kept up to date long before.
Authentication and Authorization
“Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to.” (Auth0.com, 2013-2022). As stated in the confidentiality portion of the write-up, information about a company is restricted not only from the public but also from its own employees. This is where authentication and authorization come in, and why they are so important in the cybersecurity field. For example, an employee working for Home Depot will be authenticated to log into the Home Depot database to look at basic information like pay stubs, schedules and news regarding the company. But they will not have authorization to look at more crucial information such as the company’s financial and legal documents, since it is more important that information like that does not get out to anyone who is not authorized. The main difference between them is that authorization is like a subset of authentication, as it deals more with what certain people are allowed to access.
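The employee example above, as added example code (not from the write-up or the Auth0 source): authentication checks the password, and only then does a separate role-based authorization check decide which resources the verified identity may read. Usernames, passwords, roles and resource names are constructed.

```python
import hashlib
import hmac
import os

# Constructed employee directory; usernames, passwords and roles are made up.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "role": role}

USERS = {
    "store_associate": _make_user("correct horse battery", "employee"),
    "cfo": _make_user("ledger-2022", "finance"),
}

# Authorization policy: which roles may read which resource. Every employee
# reaches pay stubs, schedules and news; only "finance" reaches the
# financial and legal documents.
POLICY = {
    "pay_stubs": {"employee", "finance"},
    "schedule": {"employee", "finance"},
    "company_news": {"employee", "finance"},
    "financial_documents": {"finance"},
    "legal_documents": {"finance"},
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: does the caller prove they are who they claim to be?"""
    record = USERS.get(username)
    if record is None:
        return False
    return hmac.compare_digest(_hash_password(password, record["salt"]),
                               record["pw_hash"])

def authorize(username: str, resource: str) -> bool:
    """Authorization: may this (already verified) identity read the resource?"""
    record = USERS.get(username)
    allowed = POLICY.get(resource, set())  # unknown resource: deny by default
    return record is not None and record["role"] in allowed

def access(username: str, password: str, resource: str) -> str:
    # Identity is established first; a permission check on an unverified
    # identity would be meaningless.
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, resource):
        return "denied: not authorized for " + resource
    return "granted: " + resource
```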
Conclusion
The CIA Triad should be the lifeblood of any company and should be treated with the utmost importance, because if it is compromised, a company’s personal data can easily be stolen and its reputation dragged through the dirt.
Works Cited
Fortinet.com (2022): https://www.fortinet.com/resources/cyberglossary/cia-triad
Auth0.com (2013-2022): https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization