The Next Evolution of the Triad

A good friend and colleague Michael Burgess, CISSP, sent me the following message this morning:

“I’ve been doing some research and thought you may benefit from (if you haven’t already ran across it). Some have begin adding an addition to a well known acronym and a core principle in information security.  I think it is picking up steam and with good reason.

C-I-A
C-I-A-Accountability

Accountability as in the process of tracing, or being able to trace activities to a responsible source….I think it is a good addition given experiences and how often accountability is needed, or would have been helpful.”

I think Mr. Burgess and the growing movement to expand the traditional triad are spot on.  Accountability is an important principle in IT Security and is closely tied to the principles of data integrity, confidentiality and availability.  It speaks to the responsibilities of data stewards and data owners and the need for security analysts to capture activities and report on anomalous behavior.

Kudos to Michael for bringing this idea forward and continuing the conversation to our profession stronger.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s