Name: Randi Bullard
Date: 09/02/2021
Details
The CIA Triad is a security model that highlights security objectives and serves as a tool or guide to keep sensitive data protected from cyberattacks or unauthorized access. Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. The main points of focus for the CIA Triad include: Confidentiality, which is defined by only those who are authorized, are able to access data or information. Integrity, which means that data, should remain intact and in a correct state and should not be modified in any way to taint the state of correctness. Lastly, availability is defined as being able to access any data or information at any time that it is warranted or needed. The CIA Triad was not created by a single creator, but has seemed to have emerged over time, dating back to over two decades ago Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. When talking about confidentiality as a major point for security, we want to look at both Authentication and Authorization. Authentication is a process that allows a multitude of systems to determine or confirm that a user is who they say they are. Authorization, however, gives access to certain data that has only been granted to specific individuals or organizations, in order to view or access data. Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. Think of the following example: For instance, government employees are required to authenticate through the network before accessing their government email, via their Common Access Card, which defines authentication. After they are successfully authenticated, the system determines what information the employee is allowed to access, defining authorization. A. (2013). Authentication vs. Authorization. The CIA Triad is an important tool to use in the cybersecurity world, but why would it be important to view these points of focus as linked together rather than separately? By grouping these key elements together, it makes it clearer that they live in tension with one another. Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. The CIA Triad, like the NIST Framework, should serve as a guide or framework for implementing its own security protocols or policies. It is not a one size fits all tool.
References
Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. CSO Online.https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
A. (2013). Authentication vs. Authorization. Auth0 Docs. https://auth0.com/docs/get-started/authentication-and-authorization