The CIA Triad—standing for Confidentiality, Integrity, and Availability—is a fundamental framework used in cybersecurity to shape policies and protect information systems. As explained in the Chai article, Confidentiality focuses on limiting access to data so only approved individuals can view it. Tools like encryption, secure passwords, two-factor authentication (2FA), and access restrictions help enforce this. Integrity ensures that information remains accurate, consistent, and trustworthy throughout its use. This involves preventing unauthorized changes through tools such as checksums, digital signatures, and version tracking. Availability guarantees that systems and data are accessible when needed by legitimate users. Achieving this involves measures like system redundancy, routine maintenance, failover mechanisms, and disaster recovery plans.
Additionally, it’s important to understand the difference between authentication and authorization. Authentication is the process of confirming a person’s identity—such as logging in with a password or using a fingerprint. Authorization happens afterward and determines what actions or access the verified user is permitted to have. For example, an employee whose identity has been verified (authentication) might be allowed to view internal files, but only certain roles can edit or delete them (authorization). In short, authentication answers “Who are you?” while authorization answers “What can you do?” Both concepts are vital in supporting the CIA Triad, especially when managing access and protecting data.
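The two checks described above, shown as separate steps in an added example that is not part of the original text or the Chai article. The user names, passwords, roles, permission table and the `request` helper are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed role table (assumption): which actions each role may perform on internal files.
ROLE_PERMISSIONS = {
    "employee": {"view"},
    "editor": {"view", "edit"},
    "admin": {"view", "edit", "delete"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not kept in plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (assumption).
USERS = {
    "alice": make_user("correct horse battery staple", "employee"),
    "bob": make_user("s3cure-Passphrase!", "admin"),
}

def authenticate(username: str, password: str):
    """Who are you? Return the verified username, or None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # do similar work for unknown users
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return username if hmac.compare_digest(candidate, user["hash"]) else None

def authorize(identity, action: str) -> bool:
    """What can you do? Evaluated only for an already verified identity."""
    if identity is None:
        return False
    return action in ROLE_PERMISSIONS.get(USERS[identity]["role"], set())

def request(username: str, password: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 not authenticated"
    if not authorize(identity, action):
        return "403 not authorized"
    return "200 ok"
```

A correct login with an `employee` role still gets `403 not authorized` for `delete`: passing authentication does not imply authorization.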