The CIA Triad

The CIA Triad is a group of cybersecurity principles that help form the backbone of any
cybersecurity action. The CIA Triad stands for confidentiality, integrity, and availability.
Confidentiality has to do with ensuring that only those who should have access to
something can access it. For example, only those who have a particular clearance should
have access to top secret information. Integrity has to do with the accuracy of the data. To
ensure integrity of data, checks can be performed to ensure that any data has not been
tampered with prior to displaying it. Availability has to do with making sure the data is
always available to authorized individuals when needed. To ensure availability, one might
store data in multiple physical locations to avoid losing the data altogether.

Authentication’s main purpose is to verify the identity of a user. It typically involves
checking passwords, biometrics, security tokens, etc., usually in a combination of at
least two. Authorization, on the other hand, determines what an individual can and cannot
do in a system. This is done by applying or removing permissions to a particular user in a
system. In the most basic form, authentication makes you prove it’s you, while
authorization tells you what you can do. For example, authentication is used to log you into
your email account by requesting a username and password. Once you are in, you are
authorized to read and send emails, but you cannot access the server settings because
you do not have authorization to do so.
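
The email scenario above as an added example (not code from the original post): authentication verifies a password against a salted PBKDF2 hash, then authorization checks a permission set. The user `alice`, the permission names and the status strings are constructed for illustration.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample user store (hypothetical names and permissions).
_SALT = os.urandom(16)
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": _hash_password("correct horse", _SALT),
        "permissions": {"mail:read", "mail:send"},
    }
}


def authenticate(username: str, password: str) -> bool:
    """Authentication: does the caller prove they are `username`?"""
    record = USERS.get(username)
    # Hash even for unknown users so response time does not reveal which
    # usernames exist.
    salt = record["salt"] if record else bytes(16)
    expected = record["pw_hash"] if record else bytes(32)
    candidate = _hash_password(password, salt)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, expected) and record is not None


def authorize(username: str, permission: str) -> bool:
    """Authorization: is this identified user allowed to do `permission`?"""
    record = USERS.get(username)
    return record is not None and permission in record["permissions"]


def handle_request(username: str, password: str, permission: str) -> str:
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, permission):
        return "403 not authorized"  # identity proven, action still denied
    return "200 ok"
```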

In summary, the CIA Triad, as well as the concepts of authentication and authorization, are
important parts of any secure system. The CIA Triad helps ensure that data is protected,
accurate, and accessible, while authentication and authorization help to control user
access and permissions in a system.
