CIA Triad

The CIA triad is an important model that serves as a guideline for cyber and information security policies within organizations. It has three parts: confidentiality, integrity, and availability. These three concepts are considered to be the most important when developing cyber and information security policies, and they work together as a system to help organizations stay secure and operational. Authorization and authentication are two important concepts that help keep systems and data secure within organizations.

The CIA triad is made of three parts: confidentiality, integrity, and availability. Confidentiality means keeping data private and secure, and only allowing access to authorized users. Integrity means that data is trustworthy, reliable, and not changed by unauthorized parties. Availability means that data is always readily accessible to people who have authorization to access it. Without confidentiality, integrity, and availability, the data in an organization may be exposed to unauthorized users, it could be inaccurate or tampered with, or it could be inaccessible to those who need it, which could prevent them from effectively doing their jobs.

Authentication and authorization are important concepts that help keep users’ data secure within organizations. Authentication is the process of confirming a user’s identity; in other words, it is proving that they are who they say they are. This can be achieved with things like passwords and multi-factor authentication. Authorization is the process of giving users access to data based on their permissions. This is usually achieved with things like roles, groups, or ACLs (access control lists). For example, someone from the finance department has permission to view finance data, but they don’t have permission to view data from the HR department, and vice versa. This keeps data from falling into the wrong hands, where it could be intentionally or unintentionally exposed to other parties.
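The finance/HR scenario above can be shown as two separate checks, in an added example that is not part of the original post. The usernames, passwords, resource names and status strings are constructed for illustration, and PBKDF2 stands in for whatever password hashing an organization actually uses.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not kept in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (hypothetical users and passwords).
USERS = {
    "alice": make_user("correct horse battery", "finance"),
    "bob": make_user("staple tractor lamp", "hr"),
}

# ACL: resource -> roles allowed to read it. Anything not listed is denied.
ACL = {
    "finance/ledger": {"finance"},
    "hr/personnel": {"hr"},
}

def authenticate(username: str, password: str):
    """Authentication: prove identity. Returns the user's role or None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # similar work for unknown users
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user["role"] if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(role: str, resource: str) -> bool:
    """Authorization: is this role permitted to read this resource?"""
    return role in ACL.get(resource, set())

def read(username: str, password: str, resource: str) -> str:
    role = authenticate(username, password)
    if role is None:
        return "401 authentication failed"
    if not authorize(role, resource):
        return "403 not authorized"
    return "200 ok"

if __name__ == "__main__":
    print(read("alice", "correct horse battery", "finance/ledger"))
    print(read("alice", "correct horse battery", "hr/personnel"))
```

A user who authenticates successfully is still refused data outside their role, which is the distinction between the two concepts.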

