As we all know, information security principles are stated as CIA triad, i.e., confidentiality, integrity, and availability. I wonder why authentication is not a part of CIA triad as being an important factor in information security. Does it belong to another classification?
Asked
Active
Viewed 3,887 times
1 Answers
11
CIA are the aspects of a system that information security strives to protect. Authentication and authorization (important and distinct concepts) are security controls that are used to protect the system with regard to the CIA properties. For example, authenticating a user and checking that they are authorized to access the data ensures the confidentiality of that data. Authenticating and then authorizing for modification is helping to ensure integrity of the data.
David
- 15,814
- 3
- 48
- 73