The 3 Basic Concepts of Data Security and Maintenance

THE IMPORTANCE OF THE CIA TRIAD
Keeping data safe and up to standard should be the prime mission of any
organization that handles critical information. Three main concepts for
maintaining data have been developed over time since the 70’s. These concepts
are the backbone of preventing data loss, corruption, and data leaks or the misuse
of data in the wrong hands. The simple acronym C.I.A is used for ease of
remembrance; it stands for Confidentiality, Integrity, and Availability.

THE BREAKDOWN
All of these concepts are simple and easy to remember: confidentiality, integrity,
and availability. The acronym is easy to confuse with the Central Intelligence Agency,
so it can also be rearranged to A.I.C, as stated in Wesley Chai’s article,
“The model is also sometimes referred to as the AIC triad (availability, integrity and
confidentiality) to avoid confusion with the Central Intelligence Agency” (Chai 1).

CONFIDENTIALITY
Starting with the most crucial concept, confidentiality means having your data
privately secured from thieves and hackers. When running an organization that
deals with sensitive information, there will always be people or groups that want
to steal that sensitive data for financial gain or to have an organizational
advantage. It’s highly important that personnel who work closely with sensitive
information understand the rules and guidelines to properly handle that kind of
data. Organizational leaders should ensure the proper training of personnel in the
department with best practices, as stated in Chai’s article, “Further aspects of
training may include strong passwords and password-related best practices and
information about social engineering methods to prevent users from bending
data-handling rules with good intentions and potentially disastrous results” (Chai 3).

INTEGRITY
Related to confidentiality, the next topic is integrity: data is supposed to be
accessed by authorized personnel only. There are many avenues for keeping the
integrity of your sensitive data and ensuring it doesn’t become corrupted or
deleted. One good example, as stated in Andrea Gil’s post on kvausa: “In
automotive systems, CRC is known to provide integrity protection against accidental
or non-malicious errors; however, it is not suitable for protecting against intentional
alteration of data. Hence, the sensitive data should include cryptographic
checksums for verification of integrity” (Gil 2024). Checksums should be used in
conjunction with version control, access control, security control, and data logs to
ensure the data’s integrity.
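
The difference Gil describes can be shown in a few lines. The following is an added example, not code from the article or its sources; it uses HMAC-SHA256 as one kind of cryptographic checksum, and the key and record are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (assumptions, not from the article).
KEY = b"constructed-demo-key"            # secret shared by writer and verifier
RECORD = b"speed_limit=120;brake_assist=on"


def crc_of(data: bytes) -> int:
    """CRC-32: needs no secret, so anyone can recompute it."""
    return zlib.crc32(data)


def tag_of(data: bytes, key: bytes) -> bytes:
    """HMAC-SHA256: cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_crc(data: bytes, crc: int) -> bool:
    return crc_of(data) == crc


def verify_tag(data: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(tag_of(data, key), tag)


def run_demo() -> dict:
    crc, tag = crc_of(RECORD), tag_of(RECORD, KEY)

    # Case 1: accidental single-bit error in storage or transit.
    noisy = bytearray(RECORD)
    noisy[5] ^= 0x01
    noisy = bytes(noisy)

    # Case 2: intentional alteration. The party changing the data can also
    # replace the CRC, but without KEY the best it can do is reuse the old tag.
    altered = RECORD.replace(b"120", b"250")
    replaced_crc = crc_of(altered)

    return {
        "crc_detects_accident": not verify_crc(noisy, crc),
        "hmac_detects_accident": not verify_tag(noisy, tag, KEY),
        "crc_accepts_alteration": verify_crc(altered, replaced_crc),
        "hmac_detects_alteration": not verify_tag(altered, tag, KEY),
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

Both mechanisms catch the accidental bit flip, but only the keyed tag flags the altered record, which is why the verification key needs the same access control as the data it protects.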

AVAILABILITY
The last concept, which is also a crucial element of data safety, is the people
maintaining the data. They are the first line of defense, the ones who implement
the controls and protocols to safeguard the data. Personnel must be vigilant about
hardware upkeep and maintenance, and must have a quick reaction plan in
place to respond to disastrous situations that may occur either maliciously or
non-maliciously. This shows the importance of high availability clusters,
as stated in the article on SIOS: “High availability (HA) is the elimination of
single points of failure to enable applications to continue to operate even if one of
the IT components it depends on, such as a server, fails” (SIOS 2024). Having a plan
in place ensures that when problems arise, as they often do, you are still
safeguarded; there are also many other tactics for keeping all of your hardware
and software updated.

DIFFERENCES BETWEEN AUTHENTICATION AND AUTHORIZATION
The terms authentication and authorization have been used throughout this
conversation. Although they may sound and look the same at a glance, they differ
tremendously in meaning. Authentication: if you’ve ever signed up for a service,
you first create a login, usually a username and password. Essentially this is the
key to the door of the service that you signed up for. Never give out your password
for any service you may have signed up for. Authentication is just your key to the
door, while authorization is simply what permissions you have beyond that door.
You have the key to get in, but only to the area where everyone is serviced. If you
aren’t an owner or developer, you won’t have further authorization to access the
service from an admin point of view.

REFERENCES
Chai, Wesley, “What is the CIA Triad? Definition, Explanation, Examples,” TechTarget,
2022-06-28, www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA?jr=on,
accessed on 15 SEP 24.
Gil, Andrea, “Data security- confidentiality, integrity, availability,” Kvausa,
www.kvausa.com/data-security-confidentiality-integrity-and-availability/#:~:text=Integrity%20is%20the%20ability%20to,being%20altered%20by%20unauthorized%20individuals.,
accessed on 15 SEP 24.
“High Availability,” SIOS, us.sios.com/resource/high-availability, accessed on 15 SEP
