The CIA Triad

Posted by spitr001 on

The purpose and primary goal of the CIA Triad is to protect the data of different organizations. It is a “information security model” that is used by many organizations to keep their information secure. When it comes to the creation of the CIA Triad, there is no record of just one creator of the model. This is due to the fact that it formed over time as an article regarding security pros and wisdom. The initials in CIA stand for Confidentiality, Integrity, and Availability. They are the three principles when it comes to keeping information secure; hence, where the word triad comes from. It is estimated that the concept of these principles was established sometime around 1998. However, there is no evidence to prove when they were collectively grouped to describe the CIA Triad. First, confidentiality means that data can only be seen or altered by people who are authorized to view the information. Second, integrity is being able to maintain the correct information without unauthorized people having access to data, which can lead to corrupt files. Third, availability is allowing authorized users to have access to information whenever it needs to be viewed.

Now, I will go into the difference between authentication and authorization. Authentication is a step by step process “that allows systems to determine if a user is who they say they are” (Fruhlinger, 2020). In other words, it is like using a two-step authentication to log into a website. For example, when we log into our ODU portal, blackboard, email etc., we are prompted to either send a push notification to our phone via the DUO mobile app or we can enter a password that will be sent to our phones. As a result, this ensures that the person logging into an account is actually them because it would be going to that persons’ phone. According to the Fruhlinger article, some of the techniques used to identify a person include: security tokens, cryptographic keys, biometrics, etc.

On the other hand, authorization is how a system determines who has access to view certain information. To clarify, “just because a system knows who you are, it doesn’t necessarily open all its data for your perusal!” (Fruhlinger, 2020). In other words, authorization is used for many websites and systems to ensure security of data in the sense that it is not being looked at by unauthorized viewers. An example of authorization would be “…having many files only accessible by their creators or an admin” (Fruhlinger, 2020). Another example of authorization would be something as simple as viewing a persons’ social media profile. Furthermore, if a person has their account private, only people who follow them or who they approve to follow will be able to see their posts.

Reference:
Fruhlinger, Josh (2020). The CIA Triad: Definition, components, and examples. IDG Communications, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *