In cybersecurity, authentication and authorization are distinct concepts that work alongside the CIA Triad. As organizations depend more heavily on information security, they rely on core security principles to organize the protection of sensitive data and systems. One of the most widely known models for understanding and applying these principles is the CIA Triad: Confidentiality, Integrity, and Availability. It provides a powerful framework for keeping information systems secure and trustworthy. Two other essential security concepts, authentication and authorization, operate alongside it and play a critical part in controlling how users interact with systems. While these terms are often confused or used interchangeably, they have different meanings and purposes.
CIA Triads: Confidentiality, Integrity, Availability
The first principle of the CIA Triad is Confidentiality, which refers to ensuring that sensitive information is accessible only to authorized individuals. Confidentiality is maintained through encryption, access control mechanisms, and proper data classification. For example, a bank keeps its financial information private by requiring strong login credentials and encrypting data so that unauthorized individuals cannot read it. With confidentiality, only authorized people should be able to access data (Hiza, 2022). Without confidentiality, personal data can be exposed, leading to identity theft and financial fraud.
Integrity is the second principle. It means that the accuracy and reliability of data are maintained: the information must not be altered in an unauthorized or accidental way. This principle ensures that data remains trustworthy from the moment it is created until it is used. Techniques such as hashing and digital signatures are useful ways to verify data integrity. For instance, a medical record should be protected with file permissions and user access controls. Integrity protects against many risks by ensuring that data has not been changed without permission. Information integrity issues can result in a lack of trust or a lack of a proper authentication process for accessing information (Samonas & Coss, 2014).
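The paragraph above names hashing and digital signatures as integrity checks without showing the difference between them. The following is an added example written for this page, not code from the essay or its sources. It uses a constructed medical record, a SHA-256 fingerprint to detect any alteration, and an HMAC-SHA256 tag as a stand-in for a digital signature (a real signature uses an asymmetric key pair, which the standard library does not provide; the keyed tag shows the same property that matters here, namely that someone without the key cannot make a tampered record verify). The key, record contents and field names are all invented for the demonstration.

```python
import hashlib
import hmac

# Constructed sample record; not taken from any real system.
RECORD = b"patient_id=1042;allergy=penicillin;dosage_mg=250"


def fingerprint(data: bytes) -> str:
    """Plain SHA-256 digest. Detects accidental or deliberate changes,
    but anyone who alters the data can also recompute the digest."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over the record. Stands in for a digital signature:
    only a holder of the key can produce a tag that verifies."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking where the first mismatching byte is
    return hmac.compare_digest(fingerprint(data), expected)


def verify_tag(data: bytes, key: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data, key), tag)


def integrity_demo() -> dict:
    """Run the checks against an intact record, a silently altered one,
    and an alteration whose plain hash was recomputed by the tamperer."""
    key = b"constructed-demo-key-do-not-reuse"   # assumption: secret held by the record keeper
    stored_hash = fingerprint(RECORD)
    stored_tag = sign(RECORD, key)

    # Dosage changed from 250 to 2500: the kind of alteration integrity must catch.
    tampered = RECORD.replace(b"dosage_mg=250", b"dosage_mg=2500")

    return {
        "intact_hash_ok": verify_hash(RECORD, stored_hash),
        "intact_tag_ok": verify_tag(RECORD, key, stored_tag),
        "tampered_hash_ok": verify_hash(tampered, stored_hash),
        "tampered_tag_ok": verify_tag(tampered, key, stored_tag),
        # A tamperer can recompute the unkeyed hash so the altered record "verifies"...
        "recomputed_hash_ok": verify_hash(tampered, fingerprint(tampered)),
        # ...but without the key cannot produce a tag the verifier accepts.
        "forged_tag_ok": verify_tag(tampered, key, sign(tampered, b"wrong-key")),
    }


if __name__ == "__main__":
    for check, result in integrity_demo().items():
        print(f"{check}: {result}")
```

The last two entries are the point of the example: an unkeyed hash stored next to the data only protects against accidental change, because whoever changes the record can update the hash too. A keyed tag, or in practice a digital signature whose private key the record keeper controls, is what makes unauthorized alteration detectable.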
The third and final principle, Availability, focuses on ensuring that information and systems are accessible whenever an authorized user needs them. If systems are down or data cannot be accessed, even the most secure environment is ineffective. Availability is achieved through redundancy and regular system maintenance, and by protecting against attacks such as distributed denial of service (DDoS) attacks. For example, an online retailer works to ensure its website remains available during peak shopping seasons; if it does not, it risks losing both revenue and customer trust. Together, Confidentiality, Integrity, and Availability provide a balance that, along with authentication and authorization, helps protect an information system.
Authentication vs. Authorization
Beyond the CIA Triad, two other fundamental aspects of information security are authentication and authorization. While these terms are related, they are different processes. Authentication is the process by which the system verifies who a user is; in other words, it answers whether users are really who they claim to be. Methods of authentication include passwords, fingerprints, facial recognition, and multi-factor authentication. For example, entering a username and password when logging into an email account is a form of authentication. This supports the Confidentiality and Integrity principles of the CIA Triad.
Authorization, on the other hand, determines which resources an authenticated user has the right to access. It answers the question of what a user is permitted to do within the system. Authorization ensures that users only have access to the data or systems they need, such as the records they are entitled to view. There can be different levels of authorization tied to a user's credentials, because each level sets a limit on what that user can access.
An example of authentication and authorization occurs under HIPAA, the Health Insurance Portability and Accountability Act. Under HIPAA, medical companies use the CIA Triad model to protect medical records and other personal health information. A patient logs into a portal to see their medical information; when they enter their username and password, the system authenticates their identity. Once authenticated, authorization begins. The patient can access their own medical history, but they are not authorized to access sensitive administrative functions reserved for staff, or the records of another patient. The authentication process confirms that the patient is who they say they are, while the authorization process ensures that they only see and use the types of information appropriate for them.
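The patient-portal scenario above can be made concrete. The following is an added example written for this page, not code from the essay or from any real portal. It models a small user directory (all usernames, passwords, roles and patient identifiers are constructed), authenticates with a salted PBKDF2 password hash, and only then runs an authorization check that lets a patient read their own record while refusing another patient's record and staff-only administrative functions. The action names and the "patient"/"staff" roles are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumption: illustrative work factor for the demo


@dataclass(frozen=True)
class User:
    username: str
    role: str                   # "patient" or "staff" (constructed roles)
    patient_id: Optional[str]   # set only for patients
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so stored credentials are not plain passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(username: str, password: str, role: str,
              patient_id: Optional[str] = None) -> User:
    salt = os.urandom(16)
    return User(username, role, patient_id, salt, hash_password(password, salt))


# Constructed directory: every entry here is invented for the example.
USERS = {
    "alice": make_user("alice", "correct horse battery", "patient", "P-1001"),
    "bob": make_user("bob", "tr0ub4dor&3", "patient", "P-1002"),
    "drkim": make_user("drkim", "stethoscope!9", "staff"),
}


def authenticate(username: str, password: str) -> Optional[User]:
    """Who are you? Returns the user only if the password matches."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        hash_password(password, b"\x00" * 16)
        return None
    if hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
        return user
    return None


def authorize(user: User, action: str, target_patient: Optional[str] = None) -> bool:
    """What may you do? Only meaningful after authentication succeeded."""
    if user.role == "staff":
        return action in {"read_record", "update_record", "admin_reports"}
    if user.role == "patient":
        # A patient may only read their own record; nothing else is permitted.
        return action == "read_record" and target_patient == user.patient_id
    return False  # unknown role: deny by default


def portal_request(username: str, password: str, action: str,
                   target_patient: Optional[str] = None) -> str:
    """Authentication first, authorization second, as the portal example describes."""
    user = authenticate(username, password)
    if user is None:
        return "401 authentication failed"
    if not authorize(user, action, target_patient):
        return "403 not authorized"
    return "200 ok"


if __name__ == "__main__":
    print(portal_request("alice", "correct horse battery", "read_record", "P-1001"))
    print(portal_request("alice", "correct horse battery", "read_record", "P-1002"))
    print(portal_request("alice", "correct horse battery", "admin_reports"))
    print(portal_request("drkim", "stethoscope!9", "admin_reports"))
```

The two functions answer the two different questions from the essay: `authenticate` settles identity and `authorize` settles permission. Keeping them separate also means the authorization rules can be read and reviewed on their own, and the default for any role or action not listed is denial.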
Conclusion
The CIA Triad provides a strong foundation for understanding the core principles of information security: Confidentiality, Integrity, and Availability. Each of these principles addresses a unique but interdependent aspect of data security and protection. Equally important are the processes of authentication and authorization, which control how users prove their identities and which resources they can access. While often confused, authentication and authorization are different, and both are necessary for a secure system. Together, these principles and processes help create a trustworthy and resilient information environment that balances protection with accessibility.
References
Hiza, D. (2022). Assessing the significance of CIA Triad security model in establishing ICT security controls in the public sector (Doctoral dissertation, Institute of Accountancy Arusha (IAA)).
Samonas, S., & Coss, D. (2014). The CIA strikes back: Redefining confidentiality, integrity and availability in security. Journal of Information System Security, 10(3).