CISSP Basic Concepts

The CIA Triad is the first principle usually covered when delving into CISSP study guides and literature.

The CIA triad consists of:

  • Confidentiality
  • Integrity
  • Availability

The Confidentiality principle involves keeping data secret: we want to prevent unauthorized disclosure.

The Integrity principle involves the reliability and structure of the system, so that data and systems are not altered without authorization.

The Availability principle ensures reliable, timely access to data for those who are authorized.

I find it helpful to visualize a briefcase to represent security objectives relative to the CIA triad.
Making a briefcase analogous to our security objectives will also help us visualize the concepts of vulnerabilities, threats, risk, and exposure.
 
The documents inside the briefcase can be thought of as our Assets.
 
Can you picture an old and beat up leather briefcase with no locking mechanism open on a desk?

Now think back to the movie Twins w/ Arnold Schwarzenegger and Arnold's briefcase. (if you haven't watched Twins, go watch it now)

Now that you've used your imagination, and watched the movie Twins, you can see that a briefcase on its own does little to secure an asset from a potential threat.

Now we need to consider Control Types:

  • Preventive - Intended to avoid a security incident
    Keep your briefcase in a locked trunk or a locked office.
  • Detective - Intended to identify a security incident
    Keep a live-streaming cellphone in your briefcase.
  • Corrective - Intended to fix security incidents that have already occurred
    Invoke a policy to copy data before it leaves the office in your briefcase.
  • Deterrent - Intended to discourage an attack
    Utilize locks on the briefcase.
  • Recovery - Intended to restore an asset
    Keep a folder with the same data somewhere else.
  • Compensating - Intended to offer an alternative measure of control
    Maybe use a computer instead of a briefcase?
