A Foundational Framework: The CIA Triad


An integral foundational model in cybersecurity is known as the CIA Triad: confidentiality, integrity, and availability are the three properties that protect sensitive information, keep it reliable, and make it accessible to the correct users. Understanding how the CIA Triad works in conjunction with authorization, which defines access privileges, and authentication, which confirms the identity of the user, is the foundation of a secure system.

Grasping The CIA Triad

The CIA Triad, not to be mistaken for the Central Intelligence Agency (CIA), is considered one of the foundational models used in cybersecurity. According to NIST, security objectives are commonly expressed in terms of three overarching goals, confidentiality, integrity, and availability, which serve as core blueprints for federal security efforts (Nieles, Dempsey, & Pillitteri, 2017, p. 7). Confidentiality refers to the protection of data from unauthorized access: only individuals with permission can view sensitive information, and encryption is a common example of a confidentiality control. Integrity ensures that information is accurate and unaltered; file permissions and checksums are two ways to maintain it. Availability guarantees that information is accessible whenever authorized users need it, and it is supported by resiliency plans such as failover systems and real-time backups. As described by Chai (2022), organizations must properly assess their risk posture, plan for secure operations, and implement meaningful controls that align with regulatory and business requirements.
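The paragraph above names checksums as an integrity control. The following Python example, added here and not part of the original post, shows how a stored SHA-256 checksum reveals that a record has been altered, and why a keyed checksum (HMAC) is the stronger choice when an attacker might be able to rewrite the checksum along with the data. The sample record and the key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample record standing in for a file whose contents must not change.
ORIGINAL_RECORD = b"patient_id=1001;allergy=penicillin;dosage=50mg"

# Constructed key. In practice this lives somewhere the data's writer cannot reach
# (file permissions on the key are the other integrity control the text mentions).
INTEGRITY_KEY = b"example-key-do-not-use-in-production"


def checksum(data: bytes) -> str:
    """Unkeyed integrity checksum: the SHA-256 hex digest of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_checksum: str) -> bool:
    """Recompute the checksum and compare it with the stored value.

    hmac.compare_digest runs in constant time, so a mismatch does not leak
    how many leading characters of the checksum matched.
    """
    return hmac.compare_digest(checksum(data), expected_checksum)


def keyed_checksum(data: bytes, key: bytes) -> str:
    """Keyed checksum (HMAC-SHA256). Without the key, an attacker who changes the
    data cannot produce a matching tag, even if they can overwrite the stored one."""
    return hmac.new(key, data, "sha256").hexdigest()


def verify_keyed(data: bytes, key: bytes, expected_tag: str) -> bool:
    """Recompute the HMAC with the key and compare it in constant time."""
    return hmac.compare_digest(keyed_checksum(data, key), expected_tag)


if __name__ == "__main__":
    stored = checksum(ORIGINAL_RECORD)            # recorded when the record was written
    tampered = ORIGINAL_RECORD.replace(b"50mg", b"500mg")

    print("untouched record valid:", verify_integrity(ORIGINAL_RECORD, stored))  # True
    print("altered record valid:  ", verify_integrity(tampered, stored))         # False

    # With a plain checksum the attacker can simply recompute it for the new data.
    print("altered + recomputed:  ", verify_integrity(tampered, checksum(tampered)))  # True

    # With a keyed checksum that trick fails unless the key is also compromised.
    tag = keyed_checksum(ORIGINAL_RECORD, INTEGRITY_KEY)
    print("altered, keyed:        ", verify_keyed(tampered, INTEGRITY_KEY, tag))   # False
```

The unkeyed checksum catches accidental corruption and any change made by someone who cannot also rewrite the checksum; protecting the stored checksum (or the HMAC key) with file permissions is what turns it into a control against deliberate tampering.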

Examining Authorization and Authentication

Authorization and authentication may sound similar but are quite different. Both are access control mechanisms: together they determine who can get in and what that individual is able to do once they are inside. Authentication verifies an individual’s identity, which can be done through usernames, passwords, two-factor authentication, and more. Authorization then determines what someone who has been authenticated is able to do. For example, when a college student logs into the ODU portal, they can view their grades but cannot access what the professor controls.

Examples include but are not limited to the healthcare industry, online stores, and military systems. In the healthcare industry, medical personnel log into the hospital system using an ID and possibly a fingerprint scan; depending on their position and department, they are able to access only certain files. As for online stores, a customer with an online account logs in with a password and possibly a verification code (two-factor authentication), and once verified they are able to purchase, track orders, and perform other granted actions. Military systems have extremely tightly secured servers that only individuals who hold the correct identification can access. Even when they are allowed access, their authorization level, usually dependent on their security clearance, determines what they can view.
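The two steps described in this section, authentication first and authorization second, can be seen in a small Python model of the ODU portal example: a student and a professor both log in, but only the professor's role is permitted to edit grades. This is an added example, not code from the original post or from any real portal; the user names, passwords, roles, and the permission table are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Authorization policy: role -> set of permitted actions (constructed for the example).
ROLE_PERMISSIONS = {
    "student": {"view_grades"},
    "professor": {"view_grades", "edit_grades"},
}

# Entry in the user store: (role, salt, password hash). Passwords are never stored.
UserEntry = Tuple[str, bytes, bytes]


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; returns (salt, hash)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def build_user_store() -> Dict[str, UserEntry]:
    """Constructed user store with one student and one professor."""
    s_salt, s_hash = hash_password("student-pass")
    p_salt, p_hash = hash_password("prof-pass")
    return {
        "alice": ("student", s_salt, s_hash),
        "bob": ("professor", p_salt, p_hash),
    }


def authenticate(store: Dict[str, UserEntry], username: str, password: str) -> Optional[str]:
    """Authentication: confirm who the user is. Returns the role on success, None otherwise."""
    entry = store.get(username)
    if entry is None:
        # Hash anyway so an unknown username takes as long as a wrong password,
        # which keeps response time from revealing which accounts exist.
        hash_password(password, b"\x00" * 16)
        return None
    role, salt, stored_hash = entry
    _, candidate = hash_password(password, salt)
    if hmac.compare_digest(candidate, stored_hash):
        return role
    return None


def authorize(role: str, action: str) -> bool:
    """Authorization: decide what an already-authenticated role may do."""
    return action in ROLE_PERMISSIONS.get(role, set())


def portal_request(store: Dict[str, UserEntry], username: str, password: str, action: str) -> str:
    """Run both checks in order: identity first, then permission for the action."""
    role = authenticate(store, username, password)
    if role is None:
        return "denied: authentication failed"
    if not authorize(role, action):
        return f"denied: {role} is not authorized to {action}"
    return f"ok: {username} ({role}) performed {action}"


if __name__ == "__main__":
    store = build_user_store()
    print(portal_request(store, "alice", "student-pass", "view_grades"))  # ok
    print(portal_request(store, "alice", "student-pass", "edit_grades"))  # denied: not authorized
    print(portal_request(store, "bob", "prof-pass", "edit_grades"))       # ok
    print(portal_request(store, "alice", "wrong-pass", "view_grades"))    # denied: authentication failed
```

Note that the two failure messages are different on purpose: a failed login means the portal does not know who is asking, while a failed authorization means it knows exactly who is asking and the policy says no. Keeping the checks separate is what lets the same login serve a student and a professor with different privileges.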

Conclusion

Cybersecurity is not only about protecting an organization but also about ensuring its resiliency and having fail-safe recovery plans. Implementing the three principles of the CIA Triad, confidentiality, integrity, and availability, is essential to creating a solid and well-grounded cybersecurity policy. In addition to the CIA Triad, authorization and authentication are vital because they are robust access control mechanisms that enable organizations to secure and protect their systems far more effectively.

References

Chai, W. (2022, June 28). What is the CIA Triad? Definition, Explanation, Examples. TechTarget. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA

Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2017). An introduction to information security (NIST Special Publication 800-12 Rev. 1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-12r1
