Cis270 linux security-class01-ch01-2008-08-26_cia-infosec_k_kanter
1. InfoSec CIA Triad
Information Security Model Core:
Confidentiality, Integrity and Availability
Kevin Kanter
CIS 270
Fall, 2012
2. InfoSec CIA Triad
• Basic Definitions:
– Confidentiality means that information is
only disclosed to authorized parties.
– Integrity means that information cannot
be updated (that is, created, modified, or
deleted) without authorization.
– Availability means that people or
applications have access to information in
a timely and reliable way: simply put, it is
available when it is needed.
*Ref: Information Security Basics - Johnson
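The three definitions above each map to a concrete, testable control. The following is an added example, not code from the slides or from the cited articles: a toy record store in which confidentiality is an access-control check, integrity is an HMAC tag verified before data is trusted, and availability is a deadline on the read path. All names (ACLs, key, record names, the `slow` backend) are hypothetical and the sample data is constructed for the demonstration.

```python
"""Toy record store: one check per leg of the CIA triad (added example)."""
import hashlib
import hmac
import time

# Hypothetical integrity key; a real system keeps this in a KMS/HSM, never in source.
_KEY = b"demo-integrity-key"

# Constructed access lists: who may read (confidentiality) and who may update (integrity).
READERS = {"salary.txt": {"hr_admin"}, "handbook.txt": {"hr_admin", "employee"}}
WRITERS = {"salary.txt": {"hr_admin"}, "handbook.txt": {"hr_admin"}}

# Backing store: name -> (data, tag). Writing here directly models disk-level tampering.
STORE = {}


class AccessDenied(Exception):
    """Confidentiality or integrity violation: caller is not an authorized party."""


class IntegrityError(Exception):
    """Stored data no longer matches its authorization-bound tag."""


class Unavailable(Exception):
    """Data could not be served within the required time."""


def tag(name, data):
    """Integrity tag bound to both record name and content, so neither can be swapped."""
    return hmac.new(_KEY, name.encode() + b"\0" + data, hashlib.sha256).hexdigest()


def write(name, data, principal):
    """Integrity: only an authorized writer may create or modify a record."""
    if principal not in WRITERS.get(name, set()):
        raise AccessDenied(f"{principal} may not update {name}")
    STORE[name] = (data, tag(name, data))


def read(name, principal, deadline_s=0.05, fetch=None):
    """Confidentiality, availability and integrity checks on the read path."""
    # Confidentiality: disclose only to parties on the read list.
    if principal not in READERS.get(name, set()):
        raise AccessDenied(f"{principal} may not read {name}")
    # Availability: the backend must answer within the deadline.
    backend = fetch or STORE.__getitem__
    start = time.monotonic()
    data, stored_tag = backend(name)
    if time.monotonic() - start > deadline_s:
        raise Unavailable(f"{name} not served within {deadline_s}s")
    # Integrity: verify the tag (constant-time compare) before trusting the content.
    if not hmac.compare_digest(tag(name, data), stored_tag):
        raise IntegrityError(f"{name} was modified without authorization")
    return data


def demo():
    """Exercise each property once; returns the outcome of every scenario."""
    out = {}
    write("salary.txt", b"alice: 90000", "hr_admin")
    out["authorized_read"] = read("salary.txt", "hr_admin")

    try:                                    # confidentiality: employee is not a reader
        read("salary.txt", "employee")
        out["unauthorized_read"] = "disclosed"
    except AccessDenied:
        out["unauthorized_read"] = "denied"

    try:                                    # integrity: employee is not a writer
        write("salary.txt", b"alice: 190000", "employee")
        out["unauthorized_write"] = "accepted"
    except AccessDenied:
        out["unauthorized_write"] = "denied"

    data, stored_tag = STORE["salary.txt"]  # integrity: tamper behind the API's back
    STORE["salary.txt"] = (b"alice: 190000", stored_tag)
    try:
        read("salary.txt", "hr_admin")
        out["tampered_read"] = "accepted"
    except IntegrityError:
        out["tampered_read"] = "rejected"
    write("salary.txt", b"alice: 90000", "hr_admin")  # restore a good record

    def slow(name):                          # availability: backend misses the deadline
        time.sleep(0.2)
        return STORE[name]

    try:
        read("salary.txt", "hr_admin", deadline_s=0.05, fetch=slow)
        out["slow_read"] = "served"
    except Unavailable:
        out["slow_read"] = "unavailable"
    return out


if __name__ == "__main__":
    print(demo())
```

The point of binding the tag to the record name as well as its bytes is that an attacker who can only rearrange files cannot substitute one validly tagged record for another; the availability check is deliberately a hard failure rather than a silent wait, because a read that arrives too late is, by the definition above, not available.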
3. • Herberger's article argues that the classic
Triad should acknowledge the primacy of
availability rather than the equivalence
implied by the three "legs".
– Everything else is dependent upon availability
and the process of access.
• Once the "CIA triad" is understood to be the
core against which risks are to be evaluated,
another layer of complexity appears: how to
provide security.
* Ref: "How do you get started…" Northcutt
4. CIA to Security Maturity
• Gartner's "Information Security
Maturity Model" (ISMM) gives concepts
to use based on 3 dimensions:
– Layering dimension—This dimension is demonstrated on the model by five
consecutive layers, starting from the physical and environmental security layer
and moving upward to the definite security layer.
– Process dimension—This dimension is represented by the three main
processes: prevention, detection and recovery.
– People dimension—This dimension is represented by two indexes,
sophistication and visibility, both of which are measured on the
people side.
*Ref: "A New Approach…" AlAboodi
5. CIA Triad - References
• Information security - Wikipedia
http://en.wikipedia.org/wiki/Information_security
• How do you get started in Information security? Stephen Northcutt, Nov 9th, 2009,
Version 1.1
http://www.sans.edu/research/security-laboratory/article/get-started-infosec
• Information Security Basics. Brad C. Johnson. ISSA Journal, July 2010.
http://www.systemexperts.com/assets/pdf/ISSA0710-Johnson-SecurityBasics.pdf
• In Security: Information Availability is Foundational. Carl Herberger, Feb 17, 2012.
http://blog.radware.com/security/2012/02/in-security-information-availability-is-foundational/
• A New Approach for Assessing the Maturity of Information Security. Saad
Saleh AlAboodi, CISSP. ISACA Journal, vol 3, 2006.
http://www.isaca.org/Journal/Past-Issues/2006/Volume-3/Documents/jpdf0603-A-New-Approach.pdf