Competition For The Established CIA Triad

The information security profession is built on three fundamental tenets, those of confidentiality, availability, and integrity. Increasingly, however, I see two things happening:

-       Organizations are reprioritising these to reflect their significance within their organization, with confidentiality often trailing to availability and integrity; or

-       Additional aspects such as authentication, authorization, non-repudiation etc. are supplementing the CIA triad.

It seems that there may be a growing group of S&R professionals who are dissatisfied with these concepts, feeling that they are ambiguous or incomplete, and some find it troublesome that they lack standard units of measurement.

It was with interest, therefore, that I noted a competition issued by the O-ISM3 Consortium, an organization that focuses on fostering alignment between security objectives and business goals. Their challenge lays out a use case for participants to navigate. It involves a mock audit on a travel company and presents entrants with the audit findings. The participants are then challenged to create a set of audit questions that would lead to these responses, but they have to choose one of two alternative paths – either their questions must all include references to C, I, and A, or none of them may.

How well this will work is difficult to say; however, it is an interesting thought experiment and encourages S&R professionals to think about information risk management from a slightly different perspective. The prize for those who pay the €5 entrance fee and pass the challenge by proving that confidentiality, availability, and integrity are wholly applicable (or the opposite!), is a chance to win €500 and a free spot in an information security management course. Unfortunately, sign-up for the competition closes on 14th of March, so be quick if you are interested, but I’ll be interested to see what conclusions the O-ISM3 Consortium derive from the entries.

Comments

Post new comment

If you have an account on Forrester.com, please login.

Or complete the information below to post a comment.

(Your name will appear next to your comment.)
(We will not display your email.)
Email me when:
Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.