Cis270 linux security-class01-ch01-2008-08-26_cia-infosec_k_kanter

CIA extended to risk protection.

Published in: Technology, News & Politics

  1. InfoSec CIA Triad
     Information Security Model Core: Confidentiality, Integrity and Accessibility
     Kevin Kanter, CIS 270, Fall, 2012
  2. InfoSec CIA Triad
     • Basic Definitions:
       – Confidentiality means that information is only disclosed to authorized parties.
       – Integrity means that information cannot be updated (that is, created, modified, or deleted) without authorization.
       – Availability means that people or applications have access to information in a timely and reliable way: simply put, it is available when it is needed.
     * Ref: Information Security Basics - Johnson
  3. • Herberger’s article argues that the classic Triad should acknowledge the primacy of availability rather than the equivalence implied by the three “legs”.
       – Everything else is dependent upon availability and the process of access.
     • Once the “CIA triad” is understood to be the core against which risks are to be evaluated, another layer of complexity appears: how to provide security.
     * Ref: “How you get started…Northcutt”
  4. CIA to Security Maturity
     • Gartner’s “Information Security Maturity Model” (ISMM) gives concepts to use based on 3 dimensions:
       – Layering dimension: This dimension is demonstrated on the model by five consecutive layers starting from the physical and environmental security layer, moving upward to the definite security layer.
       – Process dimension: This dimension is represented by the three main processes: prevention, detection and recovery.
       – People dimension: This dimension is represented by two indexes: sophistication and visibility. These indexes are exhibited and exposed on the people side.
     * Ref: “New Approaches… AlAboodi”
  5. CIA Triad - References
     • Information security - Wikipedia
       http://en.wikipedia.org/wiki/Information_security
     • How do you get started in Information security? Nov 9th, 2009, By Stephen Northcutt, Google+ Version 1.1
       http://www.sans.edu/research/security-laboratory/article/get-started-infosec
     • Information Security Basics. Brad C. Johnson. ISSA Journal, July 2010.
       http://www.systemexperts.com/assets/pdf/ISSA0710-Johnson-SecurityBasics.pdf
     • In Security: Information Availability is Foundational. Posted by Carl Herberger on Feb 17, 2012
       http://blog.radware.com/security/2012/02/in-security-information-availability-is-foundational/
     • A New Approach for Assessing the Maturity of Information Security. By Saad Saleh AlAboodi, CISSP, ISACA Journal, vol 3, 2006.
       http://www.isaca.org/Journal/Past-Issues/2006/Volume-3/Documents/jpdf0603-A-New-Approach.pdf