Whatever happened to the A in CIA? That's what a reader asked recently, referring to the tried-and-true information security triad: Confidentiality (keeping secrets secret), Integrity (ensuring information is not modified) and Availability (keeping electronic doors open and IT shops humming).
Availability has become perhaps the most pressing post-9/11 security issue for network-centric firms. Today, responsibility for network availability is being moved from information security staff to others within the corporate organization. Some firms view availability as part of disaster avoidance. For example, how do you pick a location for a back-up data center? What possibilities must be considered? Acts of God, to be sure. But now, acts of man are in the forefront of our paranoia. Package bombs? Severed transportation or communications links? Shoulder-launched missiles fired from buildings or hilltops? Is availability the responsibility of information security professionals, counterterrorism experts or disaster-recovery teams?
Other companies consider availability a part of business continuity. Some cities now provide utility company specialists to coordinate with local companies and critical infrastructures to ensconce mission-critical power and communications lines in concrete tubes under the streets and ostensibly away from danger. Facilities-management staff often take the lead here, even though the pre-eminent aim is to provide real-time backup, redundancy or fail-safe data centers.
What I see in too many organizations is turf building, budget grabbing and "stovepiping" - vertical building of a hierarchy within a company that has no contact with other divisions or departments. This is the antithesis of what is needed to meet modern, coordinated threats that transcend corporate-divined organizational boundaries.
A new security triad, CPP, redefines the three main areas of security: Cyber (computer, network and information security), Physical (the wires, silicon, glass and structures) and People (employees, consultants, suppliers, partners and anyone in contact with your company). Under this triad, stovepiping of responsibilities and functions creates unnecessary overlap, wasted resources and a mediocre security posture.