Write-Up: CIA Triad

BLUF
The CIA triad is the idea that information security consists of three main components:
confidentiality, integrity, and availability. This write-up will further detail the CIA triad and the
difference between authentication and authorization.


The Triad
The CIA triad is made up of confidentiality, integrity, and availability. Confidentiality deals with
safeguarding personal privacy and sensitive information. Integrity has to do with the guarantee
that information is reliable and correct. (Cawthra et al., 2020) Finally, availability ensures access
to information. These three main components are the most important within information security.
By utilizing all three components, organizations can better develop security policies and ask
more concentrated questions to determine the value that all three are providing. (Chai, 2022)


Authentication Vs. Authorization
Authentication and authorization both have to do with a system's access management, but they
differ in purpose. Authentication confirms the identity of the user, and authorization
is the process of allowing the user to access the system. Another key difference is that
authentication relies on a user's credentials, whereas authorization relies on a user's specific
permissions. In other words, authentication is like entering your username and password into
your computer, and authorization is like when a user can access their own email account but isn't
authorized to view others' emails. Both of these processes work together to prevent breaches
and to ensure access control is secured. (Kosinski, 2024)
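
The email scenario above as a short Python sketch. This is an added example, not part of the original write-up; the user names, passwords, mailbox names, and status strings are constructed for illustration. Authentication checks credentials and yields an identity; authorization then checks that identity's permissions.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow password hash from the standard library (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed sample data: two users, each owning exactly one mailbox.
USERS = {"alice": _make_user("correct horse"), "bob": _make_user("battery staple")}
MAILBOX_OWNER = {"inbox-alice": "alice", "inbox-bob": "bob"}

def authenticate(username: str, password: str):
    """Authentication: confirm identity from credentials. Returns identity or None."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, mailbox: str) -> bool:
    """Authorization: decide from permissions; anything not granted is denied."""
    return identity is not None and MAILBOX_OWNER.get(mailbox) == identity

def read_mailbox(username: str, password: str, mailbox: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 authentication failed"   # who are you?
    if not authorize(identity, mailbox):
        return "403 not authorized"          # known user, but no permission
    return f"200 {identity} reads {mailbox}"

if __name__ == "__main__":
    print(read_mailbox("alice", "correct horse", "inbox-alice"))
    print(read_mailbox("alice", "correct horse", "inbox-bob"))
    print(read_mailbox("alice", "wrong password", "inbox-alice"))
```

The second call is the case the paragraph describes: valid credentials, but no permission on someone else's mailbox.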


Conclusion
All in all, the CIA triad is an important and simple framework to follow. The three components,
confidentiality, integrity, and availability, all work together to protect information.
In addition to the triad, authentication and authorization work hand in hand to prevent
unauthorized access and protect information.

References
Cawthra, Jennifer, et al. “Executive Summary — NIST SP 1800-26 Documentation.”
Nccoe.Nist.Gov, Dec. 2020, www.nccoe.nist.gov/publication/1800-26/VolA/index.html.


Chai, Wesley. What Is the CIA Triad? Definition, Explanation, Examples,
https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on.


Kosinski, Matthew. “Authentication vs. Authorization: What’s the Difference?” IBM, 2 Dec.
2024, www.ibm.com/think/topics/authentication-vs-authorization.
