What is Meant by “Integrity” in the CIA Triad?

This is the third part of a four-part blog series covering the CIA Triad. The first part discussed the CIA triad as a whole (Part I). Part II covered Confidentiality. Part IV will cover Availability. Integrity. Many people hear or see that word and their first thought is of an individual’s trustworthiness. Do they have …

Introduction to the CIA Triad for Security Professionals

This is part 1 of a four-part series. We’ll introduce the CIA concept overall here in the first of the series. Then cover each component more in-depth in subsequent posts. One of the most critical concepts for security professionals is the CIA (confidentiality, integrity, availability) triad. It is at the core of everything we do, …

Make Policy Your Friend and Learn to Love Governance and Compliance

I was a GRC (Governance, Risk, and Compliance) person first and now I am a CISO (Chief Information Security Officer). It was 20 years ago, thereabouts, and I knew I wanted a change. I’d abandoned my goal of a career that I’d attended college for, technical theatre, and was working retail for a large, national …

Rebranding “InfoSec” as “Business Security”

“No one really gets what it is we do.” I read and hear that phrase, or something similar, a lot when consuming InfoSec (information security) content. There are references and allusions to it on Social Media, write-ups in industry periodicals, and references to it on podcasts. The arguments tend to be the same. “It’s not …

Security is the Force of the Business Galaxy

Quick acknowledgment here; this is written from the perspective that security is at the center and core of all business. That is simply a conceit to allow for the perspective. The core element of any business is to make money and increase profits and profitability over time, I get that. Many businesses struggle with figuring …