Foundation Principles of Information Security: The CIA Triad


Information security is built on three foundational principles: Confidentiality, Integrity and Availability, known as the CIA Triad. Together they ensure that data is kept private, remains accurate, and is accessible to authorized users when it is needed.

The CIA Triad
The CIA Triad is a model, or framework, that guides information security policies within an organization. CIA stands for Confidentiality, Integrity and Availability, the three core principles of information security. Confidentiality means that data is kept private and protected from unauthorized access. Integrity means that data is accurate, unaltered and reliable. Availability means that data is accessible to authorized users whenever it is needed.


Confidentiality
Confidentiality ensures that data is protected from unauthorized access: only authorized users should be able to reach the information. Organizations must maintain the confidentiality of their data in order to protect it against cyber-attacks such as ransomware. For example, a user ID and password must be required before any information can be accessed; unauthorized users who lack credentials should have no access at all.


Integrity
Data can be altered accidentally by users or intentionally by threat actors. Inaccurate or altered data is unreliable and therefore worthless to the organization, so it is crucial that the organization maintain data integrity by ensuring the data's reliability and trustworthiness. Data is trustworthy when it is complete, accurate and unaltered throughout its life cycle.
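The distinction above between accidental and intentional alteration maps directly onto two integrity mechanisms. The following is an added example in Python (not code from the original post): an unkeyed SHA-256 checksum catches accidental corruption, while a keyed HMAC tag also catches deliberate changes, because someone who alters the record cannot recompute the tag without the key. The record and the key are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample record (hypothetical; not from the original post).
RECORD = {"student_id": 1042, "course": "CS101", "grade": "B+"}

# Hypothetical integrity key; in a real system it comes from a secrets store,
# never from source code.
INTEGRITY_KEY = b"example-integrity-key-do-not-reuse"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so identical content always hashes identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> str:
    """Unkeyed SHA-256 digest.

    Detects accidental corruption (disk errors, a bad copy), but an attacker who
    can alter the record can simply recompute this value as well.
    """
    return hashlib.sha256(canonical(record)).hexdigest()


def sign(record: dict, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag: cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, key: bytes, tag: str) -> bool:
    """Constant-time comparison of the stored tag with a freshly computed one."""
    return hmac.compare_digest(sign(record, key), tag)


def tamper_detected(record: dict, key: bytes, tag: str, change: dict) -> bool:
    """Apply an alteration to the record and report whether verification rejects it."""
    altered = {**record, **change}
    return not verify(altered, key, tag)


if __name__ == "__main__":
    tag = sign(RECORD, INTEGRITY_KEY)
    print("original record verifies:", verify(RECORD, INTEGRITY_KEY, tag))
    print("grade change detected by HMAC:",
          tamper_detected(RECORD, INTEGRITY_KEY, tag, {"grade": "A"}))

    # An attacker who changes the grade and overwrites the stored *checksum* is
    # not caught, because the checksum needs no secret to recompute ...
    altered = {**RECORD, "grade": "A"}
    attacker_checksum = checksum(altered)
    print("unkeyed checksum accepts attacker's record:",
          attacker_checksum == checksum(altered))
    # ... whereas the keyed tag stored alongside the record still fails.
    print("keyed tag still rejects attacker's record:",
          not verify(altered, INTEGRITY_KEY, tag))
```

The practical lesson is that a checksum stored next to the data only protects against accidents; integrity against a threat actor needs a key (or a signature) that the actor does not hold, and the verifier must use a constant-time comparison so the tag cannot be guessed byte by byte.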


Availability
In addition to confidentiality and integrity, data must be available to authorized users so that daily organizational operations can be carried out. Without access to information, organizations such as healthcare providers would not be able to operate, which could lead to serious harm. This principle ensures that authorized users can reach the information whenever it is needed. Furthermore, backing up data helps maintain availability.

Authentication Vs. Authorization
Authentication is the process of verifying a user's identity against certain criteria. It is the first step in accessing information: it validates that the user is who they claim to be. This can be done with something they know, such as a user ID and password; something they are, such as biometrics; or something they have, such as an access card. In addition, two-factor authentication provides an additional layer of security, making sensitive information more secure.

After authentication, authorization is the next step in accessing information. It is the process of granting users permission to access specific information. Authorization ensures that users can reach only the information they need to perform their job effectively. Based on the user's position in the organization, authorized users are granted access to specific and limited information, so not all employees within an organization will have access to the same types of information. For example, an instructor would have access to the grades of all the students in the class, whereas a student would not.
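The two steps described above, plus the "something you know" and "something you have" factors, can be shown end to end. The following is an added example in Python (not code from the original post or any cited source): authentication checks a salted password hash and a one-time code, and only then does a separate authorization check decide whether the authenticated user may see a given grade. The users, passwords, OTP secrets and grades are constructed sample values; the one-time code follows the HOTP construction (RFC 4226) as a stand-in for a hardware token.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample grade book (hypothetical; not from the original post).
GRADES = {1042: "B+", 1043: "A-"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a stolen user table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(name: str, role: str, password: str, otp_secret: bytes,
              student_id: Optional[int] = None) -> dict:
    salt = os.urandom(16)
    return {"name": name, "role": role, "salt": salt,
            "pw_hash": hash_password(password, salt),
            "otp_secret": otp_secret, "otp_counter": 0,   # "something you have"
            "student_id": student_id}


# Constructed user store: one instructor and two students.
USERS = {
    "alice": make_user("alice", "instructor", "correct horse battery", b"alice-otp-secret"),
    "bob":   make_user("bob", "student", "bob-pass-1", b"bob-otp-secret", student_id=1042),
    "carol": make_user("carol", "student", "carol-pass-2", b"carol-otp-secret", student_id=1043),
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the counter, dynamically truncated."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = ((digest[offset] & 0x7F) << 24 | digest[offset + 1] << 16
            | digest[offset + 2] << 8 | digest[offset + 3]) % 10 ** digits
    return str(code).zfill(digits)


def authenticate(username: str, password: str, otp_code: str) -> Optional[dict]:
    """Step 1: prove identity with two factors. Returns the user, or None."""
    user = USERS.get(username)
    if user is None:
        # Do the same amount of work for an unknown name so timing does not reveal it.
        hash_password(password, b"\x00" * 16)
        return None
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return None
    if not hmac.compare_digest(hotp(user["otp_secret"], user["otp_counter"]), otp_code):
        return None
    user["otp_counter"] += 1          # every one-time code is single use
    return user


def can_view_grade(user: dict, student_id: int) -> bool:
    """Step 2: authorization by role. Instructors see all grades, students only their own."""
    if user["role"] == "instructor":
        return True
    return user["role"] == "student" and user["student_id"] == student_id


def view_grade(user: dict, student_id: int) -> Optional[str]:
    """Return the grade only if the already-authenticated user is authorized for it."""
    if not can_view_grade(user, student_id):
        return None
    return GRADES.get(student_id)


if __name__ == "__main__":
    bob = USERS["bob"]
    code = hotp(bob["otp_secret"], bob["otp_counter"])
    session = authenticate("bob", "bob-pass-1", code)
    print("bob authenticated:", session is not None)
    print("bob views own grade:", view_grade(session, 1042))      # B+
    print("bob views carol's grade:", view_grade(session, 1043))  # None: authorized? no
    print("replayed code accepted:", authenticate("bob", "bob-pass-1", code) is not None)
```

Note that `view_grade` never re-checks the password: authentication happens once, and every later access decision is an authorization question about the identity that was established. Keeping the two steps in separate functions is what makes it possible to audit "who can see what" independently of "how do we know who they are".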


Conclusion
Organizations must follow the guidelines and policies that fall under the CIA triad of Confidentiality, Integrity and Availability, because it forms the foundation of effective information security. Through confidentiality, organizations ensure that sensitive information is accessible to authorized users only. Integrity ensures that data remains accurate and unaltered, preserving its trustworthiness and reliability. Availability ensures that information and resources are accessible whenever they are needed, minimizing disruptions and keeping daily operations running. This model helps organizations safeguard their sensitive information and build trust among their customers.

