The CIA Triad

The CIA triad is a fundamental concept in cybersecurity that was developed to help guide information security policies inside an organization. The acronym stands for Confidentiality, Integrity, and Availability, and it is sometimes written as the AIC triad to avoid the association with the Central Intelligence Agency. This triad wasn’t formed overnight, but was conceived over a span of years starting as early as 1976, with confidentiality as a study in the Air Force. A little over a decade later, in 1987, integrity became a point of interest, since public computing needed a way to account for record keeping as well as data accuracy. The final concept, availability, gained prominence the following year, completing the triad as we know and honor it today. Confidentiality means allowing only authorized individuals or processes to access or manipulate information. Integrity is the preservation of information by restricting others from altering data, whether accidentally or maliciously. Availability means that authorized users can access data whenever they need to do so.

Authenticity

Authentication is the process of verifying that a user is who they say they are. CSO Josh Fruhlinger explains that this is accomplished through security measures such as passwords and techniques such as biometrics, security tokens, and cryptographic keys. Authenticity is an imperative factor that is weighted more towards the confidentiality section of the triad, because it helps determine whether the user is authorized to access the data. Certain data isn’t meant for the public to view and is only accessible to individuals who have a direct understanding of why it should be accessed.

Authorization

Authorization allows only individuals who meet the requirements to access specific data and information. This is put in place to prevent other users from accessing data that they are not qualified to handle. Systems implement this by allowing administrators or creators of the data to select those whom they deem appropriate to view it. This concept is also weighted towards the confidentiality portion of the triad, because only certain individuals can access this data and it isn’t available to the everyday person. Fruhlinger also states that an important way to enforce confidentiality is by establishing a need-to-know mechanism for data access, meaning that a system needs to verify that you are who you say you are.

Conclusion

The CIA Triad helps organizations by using policies and guidelines to protect private information from others. The use of authorization and authentication makes the confidentiality section of the triad strong and resilient. With all the benefits that come with using the triad, it can be predicted that it will last for many years to come without any unforeseen problems.
