Cali Valdivieso
23 February 2025
CYSE 200T
The CIA triad consists of confidentiality, integrity, and, availability. The CIA triad is the blueprint organizations use to create new policies. It allows them to have checks and balances to make sure a policy will be able to effective. Authentication and authorization are steps within the triad that will keep a company’s information private and secure.
Confidentiality is how an organization decides who will have access and the steps that are necessary for them to access the information. This can be exemplified by having employees create strong passwords or before viewing classified information, have them go through multiple authentication steps. Integrity is very important within this triad. It calls for the organization to take steps to keep its data up-to-date and safe from any unauthorized changes. This can be shown through companies having blocks on editing documents or having a backup of all the files. Availability calls for the database to be able to output files and other information when it is searched for. This can be difficult as some crashes can be out of the organization’s hands. Organizations can help combat this by keeping their systems up to date and having plans for disaster recovery.Authorization is described as “the process of determining whether an entity (a device or a user) can access resources”(Kim & Lee,2017). This can be further exemplified by a student having to use the duo-lingo application to approve it is them trying to access their Old Dominion
University portal or else they will not be allowed to log on. Authentication is “a prerequisite for authorization” (Kim & Lee, 20017). For someone to even log in to a website they had to have been given the okay to have the account. This can be exemplified through Old Dominion University creating and id number for a student to use and create their login. The use of the CIA triad, authorization, and, authentication are vital in an organization to keep information relevant and guarded. These things should constantly be studied and determined if they need to be updated.
References
H. Kim and E. A. Lee, “Authentication and Authorization for the Internet of Things,” in IT
Professional, vol. 19, no. 5, pp. 27-33, 2017, doi: 10.1109/MITP.2017.3680960.
keywords: {Authentication;Authorization;Browsers;Base
stations;Bitcoin;Cryptocurrency;Internet of Things;Trust management;Internet of
Things;network-level security;access
control;authorization;authentication;centralization;decentralization;security;privacy;distri
buted systems},https://ieeexplore.ieee.org/abstract/document/8057722/authors#authors