A priest, a rabbi, and an atheist walk into a bar.
Location, location, location.
Reading, writing, and arithmetic.
The number three surrounds us. We find it in mathematics and science. Only three primary colors are needed to mix most other colors (red, yellow, blue). The three-act structure is the predominant model used in screenwriting (the setup, the confrontation, the resolution).
This aptly named “Rule of Three” represents a big part of how we think, make sense of, and cluster information. In fact, human DNA is based upon threes. And that’s the truth, the whole truth, and nothing but the truth!
Applying this core human trait to security awareness helps people understand and visualize security. As you review the following trio of triads, think about how much they overlap in nearly every aspect of your day-to-day routines.
The CIA Triad
Known in the industry as the fundamental pillar of security, the CIA Triad is one part confidentiality, one part integrity, and one part availability. Everything we do, from the data we access to the information we share, falls under the umbrella of the CIA Triad. Think of it as the foundation by which all security standards are measured—the heart of information security.
Confidentiality: Can You Keep A Secret?
The first step in information security is privacy. Data breaches reportedly cost organizations 20% of their revenue. Those losses, measured monetarily or otherwise, have a trickle-down effect that impacts the economy as a whole. Confidentiality means ensuring that the private data we access remains private, whether it be in our professional or personal lives.
Integrity: Can You Be Trusted?
Perhaps the only thing worse than exposing the privacy of data is improperly altering the data, even if it’s done so unintentionally. Integrity involves protecting the accuracy and consistency of data over its entire lifecycle. That means that no matter where it goes, no matter who has access, no matter where it’s stored, the data must be protected from alterations and unauthorized access.
Availability: Can You Access The Data?
Did you hear the one about the company that accidentally deleted the wrong directory—300 gigs worth— to realize later their backups were useless? If data is not accessible for any reason (for those with authorized access), then it might as well not exist. Availability means ensuring systems stay online, that proper backups are in place, and that hardware and software are routinely updated with the latest patches.
The Domains Triad
If the CIA Triad is the heart of information security, the Domains Triad is the mind, body, and soul. By zooming in, we supplement our resistance to cybercrime and expand our understanding of what it means to be secure. The Domains Triad provides a modernized enhancement to the CIA Triad and redefines the three main areas of security: Cyber, Physical, and People.
The Cyber Domain
This domain goes well beyond just the internet. It also includes our computers, smart devices, networks, and the software that makes it all work together. The threats that exist in this domain come in many forms, from phishing emails to social media scams. It’s a social engineer’s playground, requiring us to remain diligent in our security efforts at all times.
The Physical Domain
Did you know that a messy desk is a security risk? Do you log off your computer every time you get up, even if just for a few minutes? Are you familiar with dumpster diving? The physical domain has many tangible threats that are simple to isolate and simple to avoid. Proper disposal of sensitive documents and media, for example, goes a long way towards improving security.
The People Domain
Not every threat involves the internet or malware and viruses. The people we interact with—our co-workers, suppliers, partners, even package delivery people—all represent potential security risks. Unauthorized access to secured areas is no different than hacking a database because both scenarios threaten our overall security.
The Many Lives Triad
Finding a balance between work and play presents a challenging task for many. Thankfully, technology has made it easier than ever to bridge the two together. But with that bridge comes the responsibility to be strong human firewalls in every aspect of our lives. To simplify what that means, we created the Many Lives Triad: Professional, Personal, and Mobile.
Keeping It Professional
In our professional lives, we share the responsibility to ensure sensitive data stays confidential, accurate, and accessible. We do that by maintaining strong, unique passwords for all accounts, keeping software up to date, following policy, and reporting security incidents.
Taking it Personally
At home, it’s easy to forget about data breaches and phishing emails, but that doesn’t mean we can just relax our security posture. Keep in mind that identity theft is still rampant across the globe. It’s important that we develop family policies to keep our kids safe on the internet. And don’t ignore all those smart gadgets such as gaming consoles, streaming devices, and appliances. If it connects, it’s a threat.
Security on the Go
Whether working remotely or simply interacting on social media, we are connected everywhere we go. Our lives have become so tied to our mobile devices that if we leak the data they contain, it could be detrimental not only to us personally, but to our families, our friends, our colleagues, and our organizations. Let’s not forget that cybercriminals target mobile devices just as much as they target standard computers, so we need to take security awareness with us wherever we go.
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019