The CIA Triad & Differences Between Authentication and Authorization
The CIA triad is discussed in more detail, and the difference between authentication and authorization is illustrated with an example.
Confidentiality
Confidentiality in the CIA triad means that data is disclosed only to the people and systems authorized to see it. It is enforced with access controls that limit who can read which data, encryption of data at rest and in transit, and authentication methods such as passwords and 2-factor authentication that make it hard for a user to pose as someone else. Because employees with high-level permissions are prime targets, training them to recognize social engineering and phishing attacks supports confidentiality as well, but training is a supporting measure rather than the property itself.
Integrity
Integrity means that data is not modified or destroyed without authorization, whether by an attacker, a software bug, or a hardware fault, and that any change that does happen can be detected. Measures that can be taken are logs and digital signatures of changes made by users to ensure accountability, backups so corrupted data can be restored, and checksums. A plain checksum only catches accidental corruption, since anyone who can change the data can also recompute the checksum; detecting deliberate tampering requires a keyed message authentication code (MAC) or a digital signature, where producing a valid tag needs a secret the attacker does not have.
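The following is an added example, not code from the original page, showing the difference between an unkeyed checksum and a keyed MAC as integrity controls. The invoice record, the secret key, and the tampering step are all constructed for the demonstration; a real key would come from a secrets store, never from source code.

```python
"""Added example: checksum versus keyed MAC for data integrity."""
import hashlib
import hmac

# Constructed secret for the demo only. A real deployment loads this from a
# secrets manager; the whole point is that the attacker does not have it.
SECRET_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed sample record that someone might want to alter.
ORIGINAL = b"invoice=1042;payee=ACME;amount=100.00"


def sha256_checksum(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption such as a bad transfer."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed MAC: a valid tag can only be produced by a holder of the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_record(data: bytes) -> dict:
    """Store the data with both an unkeyed checksum and a keyed tag."""
    return {
        "data": data,
        "sha256": sha256_checksum(data),
        "hmac": hmac_tag(SECRET_KEY, data),
    }


def tamper(record: dict, old: bytes, new: bytes) -> dict:
    """Simulate an attacker with write access to the stored record.

    They change the data and recompute the checksum, which needs no secret.
    They cannot recompute the HMAC without SECRET_KEY, so the old tag stays.
    """
    data = record["data"].replace(old, new)
    return {
        "data": data,
        "sha256": sha256_checksum(data),
        "hmac": record["hmac"],
    }


def checksum_ok(record: dict) -> bool:
    """Verification a naive system might do: recompute and compare the checksum."""
    return sha256_checksum(record["data"]) == record["sha256"]


def hmac_ok(record: dict) -> bool:
    """Verification with the key; compare_digest avoids a timing side channel."""
    expected = hmac_tag(SECRET_KEY, record["data"])
    return hmac.compare_digest(expected, record["hmac"])


def demo() -> dict:
    """Run both checks on an untouched record and on a tampered copy."""
    good = make_record(ORIGINAL)
    bad = tamper(good, b"amount=100.00", b"amount=9100.00")
    return {
        "good_checksum": checksum_ok(good),
        "good_hmac": hmac_ok(good),
        "tampered_checksum": checksum_ok(bad),  # True: the attacker fixed it up
        "tampered_hmac": hmac_ok(bad),          # False: no key, no valid tag
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tampered record passes the checksum check and fails the HMAC check, which is the whole argument for keyed integrity protection. A digital signature gives the same guarantee with a private key for signing and a public key for verification, which is the right choice when the verifier should not hold a secret that could forge tags.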
Availability
Availability means that authorized users can reach data and services whenever they need them. It is maintained by keeping hardware and software patched and up to date, building proper redundancy into data centers, and monitoring servers and internet connections so that failures are caught and fixed quickly. Outages can come from natural disasters as well as from attacks such as denial of service, so there must be a comprehensive, tested recovery plan for those circumstances, including backups that have actually been restored in a drill.
Authentication and Authorization
Authentication is verifying that the account signing in really belongs to the person at the computer: the system establishes who the user is. Authorization is deciding what that identified user is permitted to do, that is, the level of permissions attached to the identity (Auth0). For example, when Johnny Appleseed signs in, he enters his password and then a code from an authenticator application on his phone to prove that he is who he says he is. After signing in, he is authorized to access only the lowest-sensitivity documents, because that is all his intern role permits. Authorization is a separate decision from authentication and is checked for each resource he requests, not just once at login; a fully authenticated user is still denied anything outside his permissions.
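The following is an added example, not code from the original page or from Auth0, walking through the Johnny Appleseed scenario in code: a login that authenticates with a password plus a time-based one-time code (RFC 6238 TOTP, the scheme authenticator apps implement), followed by a separate authorization check per document based on the user's role. The user name, password, TOTP secret, role table, and document labels are all constructed for the demo; the TOTP secret is the public test secret from RFC 6238.

```python
"""Added example: authentication (password + TOTP) then role-based authorization."""
import hashlib
import hmac
import struct

# ---- authentication: who is this? ---------------------------------------

_SALT = b"constructed-salt-one-per-user-in-practice"
_PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked user store does not give up passwords cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HMAC-SHA1 over the time counter,
    dynamic truncation, then the last `digits` decimal digits."""
    counter = struct.pack(">Q", timestamp // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    ) % 10**digits
    return f"{code:0{digits}d}"


def verify_totp(secret: bytes, submitted: str, timestamp: int, window: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + drift * 30), submitted)
        for drift in range(-window, window + 1)
    )


# Constructed user store. A real one lives in a database, never in source.
USERS = {
    "jappleseed": {
        "password_hash": hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
        "role": "intern",
    },
}
# Hashed for unknown users so a missing account costs the same time as a bad password.
_DUMMY_HASH = hash_password("dummy", _SALT)


def authenticate(username: str, password: str, code: str, now: int) -> bool:
    """Both factors must pass; both are evaluated so failures look alike to a caller."""
    user = USERS.get(username)
    stored = user["password_hash"] if user else _DUMMY_HASH
    password_ok = hmac.compare_digest(hash_password(password, _SALT), stored)
    code_ok = user is not None and verify_totp(user["totp_secret"], code, now)
    return user is not None and password_ok and code_ok


# ---- authorization: what may this identity do? --------------------------

# Constructed role-to-clearance mapping (least privilege: interns see only public docs).
ROLE_CLEARANCE = {
    "intern": {"public"},
    "analyst": {"public", "internal"},
    "executive": {"public", "internal", "confidential"},
}
# Constructed document labels.
DOCUMENTS = {
    "cafeteria-menu.txt": "public",
    "q3-financials.xlsx": "confidential",
}


def authorize(username: str, document: str) -> bool:
    """Deny by default: unknown documents and unknown roles get nothing."""
    role = USERS[username]["role"]
    label = DOCUMENTS.get(document)
    return label is not None and label in ROLE_CLEARANCE.get(role, set())


def open_document(username: str, password: str, code: str, document: str, now: int) -> str:
    """Authentication first, then a per-resource authorization decision."""
    if not authenticate(username, password, code, now):
        return "denied: authentication failed"
    if not authorize(username, document):
        return "denied: not authorized"
    return f"granted: {document}"


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(USERS["jappleseed"]["totp_secret"], now)  # what the phone app shows
    pw = "correct horse battery staple"
    print(open_document("jappleseed", pw, code, "cafeteria-menu.txt", now))
    print(open_document("jappleseed", pw, code, "q3-financials.xlsx", now))
```

With the right password and code, Johnny is authenticated either way; the menu is granted and the financials are refused because the authorization step looks at his role, not at how strongly he proved his identity. The same `authenticate` result feeds every request, while `authorize` runs again for each document, which is the separation the paragraph above describes.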
Conclusion
The CIA triad is the baseline set of security properties that any organization is expected to meet today. Security goes well beyond the triad, and its practice grows more detailed as the industry develops. Authentication and authorization support the triad, confidentiality in particular, while remaining distinct concepts with their own controls. These are base-level properties, however, and must be built upon to have a truly secure network.
Resources
https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization
https://drive.google.com/file/d/1898r4pGpKHN6bmKcwlxPdVZpCC6Moy8l/view