Write-Up: The CIA Triad


In this write-up, we will go into depth about the CIA Triad. We will also look at the differences between authorization and authentication, and an example illustrating the difference between the two will be provided.


The CIA Triad
The CIA triad stands for confidentiality, integrity, and availability. All three principles are important for protecting online data and ensuring that systems are in place to protect it. According to the Chai article, the CIA triad is more like an “interconnected system” than a set of independent concepts (para. 8). All three of these principles are related to one another in some way, even though they serve different purposes. Confidentiality means the privacy of data is protected. I view confidentiality as a wall preventing any unwanted access to data. Integrity is making sure that data has not been changed by any outside attacks. For example, people whose banking data is online need to be able to trust their banks that their money and information are not stolen in outside attacks (F5, para. 7). Availability is making sure that users who are supposed to have access are able to use their accounts. For example, if someone does not have access to their bank account, they will not be able to make the purchases they need to make in their daily lives.


Authentication vs. Authorization
Many people think authentication and authorization are the same, but they are vastly different. Authentication is a form of key, while authorization is a form of permission (Okta, Authentication vs. Authorization). To simplify this statement, authentication is unlocking what you already have access to. For example, authentication is like typing in a password or using an access code when signing in. GeeksforGeeks describes authorization as the process in which “a person or user’s authorities are checked for accessing resources” (Difference Between Authentication and Authorization). For example, in a business sense, a retail store manager may have access to a room that a cashier does not. Authorization is granted to people based on their roles.
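The two checks as separate steps, as an added example that is not part of the original write-up: the password check answers "who are you?" and the role check answers "what may you do?". The user names, passwords, permission names, and the HTTP-style 401/403/200 return codes are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and permissions modelled on the
# store manager / cashier example (all names are hypothetical).
ROLE_PERMISSIONS = {
    "manager": {"use_register", "enter_stock_room"},
    "cashier": {"use_register"},
}

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role, password):
    salt = os.urandom(16)
    return {"role": role, "salt": salt, "pw_hash": _hash(password, salt)}

USERS = {
    "maria": make_user("manager", "constructed-pw-1"),
    "sam": make_user("cashier", "constructed-pw-2"),
}

def authenticate(username, password):
    """Authentication: prove identity. Returns the user record or None."""
    user = USERS.get(username)
    if user is None:
        _hash(password, b"\x00" * 16)  # similar work for unknown users
        return None
    candidate = _hash(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(candidate, user["pw_hash"]) else None

def authorize(user, permission):
    """Authorization: does the authenticated user's role allow this action?"""
    return permission in ROLE_PERMISSIONS.get(user["role"], set())

def request(username, password, permission):
    user = authenticate(username, password)
    if user is None:
        return 401  # identity not proven: authentication failed
    if not authorize(user, permission):
        return 403  # identity proven, but the role lacks the permission
    return 200

if __name__ == "__main__":
    print(request("sam", "constructed-pw-2", "use_register"))      # cashier, allowed
    print(request("sam", "constructed-pw-2", "enter_stock_room"))  # cashier, denied
    print(request("maria", "wrong-password", "enter_stock_room"))  # not authenticated
```

A correct password never grants the stock room to the cashier, and the manager's role never helps without a correct password; the two failures are reported with different codes.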


Authentication and Authorization Example
An example showing the difference between authentication and authorization would be an individual’s bank account. To access a bank account, an individual is authorized by their bank by typing in their username and password. They could also use a face verification system or their fingerprint. Before an individual receives authorization, they first need authentication. Authentication would be opening the bank account before putting funds into it. When you receive authentication from a bank, you can access your bank account after you prove you are authorized to use it.


Conclusion
In conclusion, we went over what the CIA triad is by dissecting what each of the letters stands for. We also learned how all three principles are related to one another instead of being separate. Lastly, we learned the differences between authorization and authentication and how the two are intertwined with one another. We showed how they are intertwined by using the example of an individual having a bank account.

References
Authentication vs. Authorization. Okta. (n.d.). https://www.okta.com/identity-101/authentication-vs-authorization/
GeeksforGeeks. (2024, July 24). Difference Between Authentication and Authorization. https://www.geeksforgeeks.org/difference-between-authentication-and-authorization/
Hashemi-Pour, C., & Chai, W. (2023, December 21). What is the CIA Triad? Definition from TechTarget. WhatIs. https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA
Walkowski, D. (2019, July 8). What is the CIA Triad? F5 Labs. https://www.f5.com/labs/learning-center/what-is-the-cia-triad

