The CIA Triad

BLUF: This write-up discusses the CIA triad (Confidentiality, Integrity, and Availability), giving a brief overview of what each layer stands for. Along with that, it discusses the difference between Authentication and Authorization.

The Main Triad: First Layer: Confidentiality

As Wesley Chai stated in his article, “the CIA triad is a model designed to guide policies for information security within an organization.” At the top of the triangle is Confidentiality, which in simplest terms comes down to data protection. All data is important, and the purpose of confidentiality is to keep it safe. Things such as passwords, two-factor authentication, and data tokens are great representations of Confidentiality.

The Main Triad: Second Layer: Integrity

Integrity is about making sure that the data that needs to be protected isn’t changed. The data must remain unchanged, so that when people who must access it do so, everything is the way it must be. An example of an integrity practice is digital signatures, which are used to make sure that documents and certificates aren’t changed while being transferred between people.

The Main Triad: Third Layer: Availability

Availability is the layer that best matches its name. Availability means that the data that needs to be accessed is reliably available. It is the easiest concept to grasp. A great example: if you were working in a shipping company and didn’t have access to the product that you ship to the general public, that would be an availability issue, as you aren’t able to access the data you need at the time you need it.

Authentication vs. Authorization

While both words begin with the same four letters, they are two different fundamental practices for the CIA triad. Authentication is verifying who you are: showing proof that you are the person you claim to be, like how people log into their computers with a username and password. Authorization works in tandem with authentication, deciding what rights you have and what you can do once you prove who you are. For example, if you’re an administrator in a tech company, once you log into your device you have different permissions and privileges than average employees.
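The two checks described above, written as an added example (not part of the original write-up): a request is first authenticated against a stored password hash, and only then authorized against the permissions of the user's role. The user names, passwords, roles, action names and status strings are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: roles and their permissions are made up for this example.
ROLE_PERMISSIONS = {
    "administrator": {"read_reports", "install_software", "manage_users"},
    "employee": {"read_reports"},
}

def _hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted PBKDF2 hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

# Constructed accounts: one administrator, one average employee.
USERS = {
    "alice": _make_user("correct horse battery", "administrator"),
    "bob": _make_user("tr0ub4dor&3", "employee"),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this person who they claim to be?"""
    user = USERS.get(username)
    if user is None:
        return False
    candidate = _hash_password(password, user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, user["hash"])

def authorize(username: str, action: str) -> bool:
    """Authorization: what is this (already authenticated) user allowed to do?"""
    user = USERS.get(username)
    if user is None:
        return False
    return action in ROLE_PERMISSIONS.get(user["role"], set())

def handle_request(username: str, password: str, action: str) -> str:
    # Order matters: identity is proven first, permissions are checked second.
    if not authenticate(username, password):
        return "401 not authenticated"
    if not authorize(username, action):
        return "403 not authorized"
    return "200 ok"
```

Note that `bob` with a correct password still gets `403 not authorized` for `manage_users`: passing authentication does not grant permissions.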

Conclusion: The CIA triad is a guideline for IT policies and practices that all IT workers should know about. Confidentiality protects and guards the data, Integrity makes sure the data is unable to be tampered with, and Availability makes sure that the data is readily accessible when it is needed. Authentication and Authorization are two words that work in tandem but are not the same thing. Authentication is who you are and Authorization is what you’re allowed to do.