SANS@MIC - CYA by Using CIA -- Correctly For a Change

  • Monday, 08 Jun 2020 8:30PM EDT (09 Jun 2020 00:30 UTC)
  • Speaker: Keith Palmgren

Everyone in cyber security has heard of the CIA triad. In fact, addressing Confidentiality, Integrity, and Availability as a triad of three equal parts is part of every cyber security book and class. But how many of us really have the resources to address all three of these in equal measure? Perhaps an even better question is, "Should you address these three in equal measure?" In most organizations, the answer is a resounding "NO!" Instead, we should use CIA as a method of prioritization for our security programs. But wait - it gets even more confusing! Should every department of your company address the elements of CIA the same? This time the answer is "Absolutely Not!"

In this talk, Keith Palmgren explains how to apply CIA to your company, as well as to the individual departments of your company. Doing so will not only allow you to CYA (Cover Your Assets) but also make far better use of the limited resources available in your security program.