The CIA Triad

The CIA Triad, Confidentiality, Integrity, Availability, is the core model that information security uses to decide how an organization's data and systems should be protected. Authentication and authorization are not members of the triad themselves; they are the access controls that most directly uphold it, because they decide who may see data, who may change it, and who may count on it being there.


CIA Triad
The CIA Triad is an acronym for confidentiality, integrity, and availability. Together these three properties form the model information security uses to select controls and policies that reduce threats to an organization's systems and protect its data. Confidentiality means that only authorized users can see or access a given piece of data; in practice, this is where a user must authenticate before access is granted, and an unauthorized user is denied. Integrity means the data is trustworthy: it is what it claims to be and has not been tampered with, whether by an attacker or by accident. Availability means the data is there for an authorized user whenever it is needed (Chai, 2023). Applying the three properties of the CIA Triad within an organization keeps its data and systems private, accurate, and reachable, and a good control is usually evaluated by which of the three it strengthens and at what cost to the others.


Authentication vs. Authorization
Authentication is the process of verifying that a user is who they claim to be, using one or more established credentials. It proves identity, not permission. For example, a single-factor scheme proves identity with a password alone. A two-factor scheme requires a password plus a second, independent factor, such as a one-time code sent by SMS to the user's mobile device (Weatherston, 2022). SMS is the weakest common second factor, because codes can be intercepted or redirected through SIM swapping, which is why NIST SP 800-63B classifies it as a restricted authenticator; a time-based code from an authenticator app or a hardware security key is preferred. Authorization is the process of deciding whether an already-authenticated user is allowed to perform a particular action on particular data. Authentication always comes first; authorization then determines what the authenticated user may do. For example, a manager is authorized to add or change data based on their role within the organization, while all employees are authorized to view that data but not to modify it. The two are checked separately: a user can authenticate successfully and still be denied because the action is outside their role.
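The following example, added here and not taken from the original post or its cited sources, shows the two checks as separate steps: factor one is a salted PBKDF2 password hash, factor two is an RFC 6238 time-based code of the kind an authenticator app produces (used instead of the SMS code mentioned above), and authorization is a role-to-permission lookup. The user store, the two accounts (alice as manager, bob as employee), their passwords and the permission table are all constructed for the example.

```python
"""Two-factor authentication followed by role-based authorization (added example)."""
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000


@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    totp_secret: bytes
    role: str


# Authorization policy, constructed for the example: which actions each role may perform.
ROLE_PERMISSIONS = {
    "manager": {"read", "write"},
    "employee": {"read"},
}


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; the store keeps a hash, never the password itself."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    # Constant-time comparison so a wrong guess is not distinguishable by timing.
    return hmac.compare_digest(candidate, expected)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret: bytes, code: str, at: int, skew: int = 1) -> bool:
    """Accept the current code and +/- skew 30-second steps to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, at + d * 30), code) for d in range(-skew, skew + 1))


def authenticate(users: dict, username: str, password: str, code: str, at: int = None):
    """Factor 1: password. Factor 2: TOTP. Returns the User on success, else None.

    This proves identity only; it says nothing yet about what the user may do.
    """
    at = at if at is not None else int(time.time())
    user = users.get(username)
    if user is None:
        # Burn a PBKDF2 round anyway so unknown and known usernames take the same time.
        hash_password(password, b"\x00" * 16)
        return None
    if not verify_password(password, user.salt, user.password_hash):
        return None
    if not verify_totp(user.totp_secret, code, at):
        return None
    return user


def authorize(user: User, action: str) -> bool:
    """Policy decision taken after authentication, based on the user's role."""
    return action in ROLE_PERMISSIONS.get(user.role, set())


def make_demo_users() -> dict:
    """Constructed sample accounts: a manager and an employee with fresh random TOTP secrets."""
    users = {}
    for name, password, role in [("alice", "correct horse battery staple", "manager"),
                                 ("bob", "hunter2-but-longer", "employee")]:
        salt, digest = hash_password(password)
        users[name] = User(name, salt, digest, secrets.token_bytes(20), role)
    return users


if __name__ == "__main__":
    users = make_demo_users()
    now = int(time.time())
    bob = authenticate(users, "bob", "hunter2-but-longer", totp(users["bob"].totp_secret, now), now)
    print("bob authenticated:", bob is not None)
    print("bob may read:", authorize(bob, "read"), "| bob may write:", authorize(bob, "write"))
```

Running it shows bob authenticating successfully and then being allowed to read but refused a write: the identity check passed, the policy check did not. The same structure holds for any second factor; only `verify_totp` would change if the code came from SMS or a hardware key.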


Conclusion
In conclusion, authentication and authorization are the controls that most directly uphold the CIA Triad. Authentication protects confidentiality: only a user who has proven their identity can be granted access to read or modify data. Authorization protects integrity by deciding who may modify data, which keeps unauthorized persons from changing or corrupting it. Availability likewise depends on access control, because a system that anyone can alter or shut down cannot be relied on by the users who legitimately need it. A ransomware attack illustrates how all three can fail at once: an attacker who gains unauthorized access encrypts the organization's data and demands payment for the key, making the data unavailable and its integrity suspect; modern variants also copy the data out first and threaten to publish it, breaching confidentiality as well. Paying does not guarantee recovery, so the defense is the controls and policies the CIA Triad points to, strong authentication, least-privilege authorization, and tested backups, applied before an attack rather than after.


References
Chai, W. (2023). What is the CIA triad (confidentiality, integrity and availability)? TechTarget, WhatIs.com. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Weatherston, G. (2022). Authentication vs Authorization: What's the Difference? freeCodeCamp.org. https://www.freecodecamp.org/news/whats-the-difference-between-authentication-and-authorisation/