CIA write-up:

CIA Triad: The policy guide
BLUF: When evaluating needs and use cases for potential new products and technologies, the
triad helps organizations and companies narrow their focus on how value is being provided in
three key areas: Confidentiality, Integrity, and Availability.
The CIA triad essentially provides organizations with a guideline for protecting their
sensitive data and systems via three pillars vital to cybersecurity: Confidentiality,
Integrity, and Availability. How does each of these pillars play a role, you may ask? To
start, Confidentiality ensures that only authorized users can access sensitive information
and that privacy rights are not violated. Integrity allows users to know that the data they are
seeing is both accurate and reliable. Availability provides users with reliable and timely
access to sensitive information with the proper authorization. Two-factor authentication is a great
example of Confidentiality because it requires users attempting to access a site or sensitive
information to provide more than one valid login method to ensure it is really them. User access
controls are an example of Integrity: they allow us to control who is able to access which
information and to monitor the cyber traffic of data, allowing administrators to know that their data
is untampered and used safely. Fast and adaptive disaster recovery is a shining example of
Availability: it is easy for a server to crash or a computer to
malfunction, and being able to quickly recover this information provides users with the ability to
access certain data even in emergency scenarios. Take the CrowdStrike incident that occurred
recently: a lot of networks and servers crashed without notice, causing thousands of interruptions
in day-to-day operations, including at businesses and airlines. However, this model is not foolproof.
It has its weaknesses, which Wesley Chai highlights in his article: “because the main concern of
big data is collecting and making some kind of useful interpretation of all this information,
responsible data oversight is often lacking” (Chai, Page 5). This emphasizes that while the CIA
model is meant to help protect data collection systems, it can become overwhelming to
properly manage all of that data.
Let’s explore the difference between Authentication and Authorization. When talking
about Authorization, we are speaking about what a user is allowed to do, such as what resources
or services they can access. On the other hand, Authentication is all about verifying that a user’s
identity is valid and they are indeed able to access a specific site or service. Although
authentication is used in conjunction with authorization to allow a user access to an intended
service, they are distinct.
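
The distinction above, combined with the two-factor login mentioned earlier, as an added example that is not part of the original write-up. The user record, role names, permission strings, and function names are all constructed for illustration.

```python
import hashlib, hmac, struct, time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data (assumptions, not from the write-up).
USERS = {"alice": {"salt": b"constructed-salt",
                   "pw_hash": _pw_hash("correct horse", b"constructed-salt"),
                   "totp_key": b"constructed-totp-key",
                   "role": "analyst"}}
PERMISSIONS = {"analyst": {"reports:read"},
               "admin": {"reports:read", "users:manage"}}

def totp(key, at, step=30, digits=6):
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def authenticate(username, password, code, now=None):
    """Authentication: is this really the user? Both factors must verify."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        return None
    pw_ok = hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw_hash"])
    expected = totp(user["totp_key"], now)
    code_ok = hmac.compare_digest(code.encode(), expected.encode())
    return username if (pw_ok and code_ok) else None

def authorize(identity, permission):
    """Authorization: what is this verified identity allowed to do?"""
    if identity is None:
        return False  # no verified identity, nothing is permitted
    role = USERS[identity]["role"]
    return permission in PERMISSIONS.get(role, set())

if __name__ == "__main__":
    now = time.time()
    who = authenticate("alice", "correct horse", totp(USERS["alice"]["totp_key"], now), now)
    print("authenticated as:", who)
    print("may read reports:", authorize(who, "reports:read"))
    print("may manage users:", authorize(who, "users:manage"))
```

A fully authenticated user is still refused `users:manage`, which is the point: passing both login factors settles identity, and a separate check settles permissions.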

In conclusion, it is important to note that the CIA model is a great resource for
cybersecurity professionals to structure their policies around, allowing a company or organization
to function in a safe cyber environment where the flow of data is seamless and protected. One
weakness to highlight is that while the model may successfully assist with governing policies on
how to best protect cyber systems, when protecting sensitive data it is imperative to ensure that
the data size is not overwhelming to the point where a lack of oversight exists.
