These three principles are obviously top of mind for any infosec professional. But considering them as a triad forces security pros to do the tough work of thinking about how they overlap and can sometimes be in opposition to one another, which can help in establishing priorities in the implementation of security policies. We'll discuss each of these principles in more detail in a moment, but first let's talk about the origins and importance of the triad.

Unlike many foundational concepts in infosec, the CIA triad doesn't seem to have a single creator or proponent; rather, it emerged over time as an article of wisdom among information security pros. Ben Miller, a VP at cybersecurity firm Dragos, traces back early mentions of the three components of the triad in a blog post; he thinks the concept of confidentiality in computer science was formalized in a 1976 U.S. Air Force study, and the idea of integrity was laid out in a 1987 paper that recognized that commercial computing in particular had specific needs around accounting records that required a focus on data correctness. Availability is a harder one to pin down, but discussion around the idea rose in prominence in 1988 when the Morris worm, one of the first widespread pieces of malware, knocked a significant portion of the embryonic internet offline.

It's also not entirely clear when the three concepts began to be treated as a three-legged stool. But it seems to have been well established as a foundational concept by 1998, when Donn Parker, in his book Fighting Computer Crime, proposed extending it to a six-element framework called the Parkerian Hexad. (We'll return to the Hexad later in this article.) Thus, the CIA triad has served as a way for information security professionals to think about what their job entails for more than two decades. The fact that the concept is part of cybersecurity lore and doesn't "belong" to anyone has encouraged many people to elaborate on the concept and implement their own interpretations.

Why is the CIA triad important?

Anyone familiar with even the basics of cybersecurity would understand why these three concepts are important. But why is it so helpful to think of them as a triad of linked ideas, rather than separately?