Confidentiality, Integrity, and Availability, known collectively as the CIA triad, are the three most fundamental concepts in cybersecurity. Confidentiality is restricting data to only those who are authorized to access it; Integrity is the completeness and accuracy of data, together with the assurance that it cannot be illegitimately altered; and Availability is the ability of those who are authorized to access the data to do so (Fruhlinger 2020). By examining these concepts as three parts of a whole, Fruhlinger states, one can more easily see how they reinforce or contradict one another. The CIA triad also directly interlinks with the concepts of authentication and authorization. Authentication is the verification of a user or system’s identity, while Authorization is the set of access privileges granted to an authenticated identity (Stouffer et al. 2015). To put it another way, authorization is what data you have access to, and authentication is how you access that data.
CIA Triad example
To illustrate how these five cybersecurity concepts interlink, Fruhlinger (2020) uses the analogy of an automated teller machine. Confidentiality is maintained through two-factor authentication (a debit card and a personal identification number), which gates access to the bank information that one is authorized to view. The ATM maintains integrity through its connection to the bank’s network, ensuring that any changes from depositing or withdrawing money are reflected in the account balance. Availability is accomplished by having ATMs posted in convenient locations, such as outside the bank or near shopping centers.
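The ATM analogy above, modelled in Python as an added example (it is not from Fruhlinger or the original essay). The `Bank` class, the HMAC-tagged ledger used to stand in for the bank network's integrity guarantee, and the sample card numbers and PINs are assumptions made for illustration; availability is a deployment property and is not modelled.

```python
import hashlib, hmac, os

BANK_KEY = os.urandom(32)  # constructed: bank-side key used to tag ledger entries

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Bank:  # hypothetical model of the bank behind the ATM
    def __init__(self):
        self.cards = {}    # card number -> (salt, PIN hash, account id)
        self.ledger = {}   # account id -> list of (amount in cents, tag)

    def open_account(self, card, pin, account):
        salt = os.urandom(16)
        self.cards[card] = (salt, pin_hash(pin, salt), account)
        self.ledger[account] = []

    def authenticate(self, card, pin):
        """Authentication: the card (possession) plus the PIN (knowledge)."""
        record = self.cards.get(card)
        if record is None:
            return None
        salt, stored, account = record
        if not hmac.compare_digest(stored, pin_hash(pin, salt)):
            return None
        return {"account": account}  # session bound to exactly one account

    def _authorize(self, session, account):
        """Authorization: a session may only touch its own account."""
        if session is None or session["account"] != account:
            raise PermissionError("not authorized for this account")

    def _tag(self, account, index, amount):
        msg = f"{account}|{index}|{amount}".encode()
        return hmac.new(BANK_KEY, msg, hashlib.sha256).digest()

    def post(self, session, account, amount):
        """Record a deposit (+) or withdrawal (-) so the balance reflects it."""
        self._authorize(session, account)
        entries = self.ledger[account]
        entries.append((amount, self._tag(account, len(entries), amount)))

    def balance(self, session, account):
        """Confidentiality: owner-only read. Integrity: every entry verified."""
        self._authorize(session, account)
        total = 0
        for i, (amount, tag) in enumerate(self.ledger[account]):
            if not hmac.compare_digest(tag, self._tag(account, i, amount)):
                raise ValueError("ledger entry altered")
            total += amount
        return total
```

A wrong PIN yields no session, a valid session cannot read another customer's account, and an entry edited without the bank key fails verification when the balance is computed.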
References
Fruhlinger, J. (2020, February 10). The CIA triad: Definition, components and examples. CSO Online. Retrieved March 20, 2022, from https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015). Guide to industrial control systems (ICS) security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-82. DOI: 10.6028/nist.sp.800-82r2