Security Basics
mailing list archives
RE: New security Triad
From: "David Harley" <david.a.harley () gmail com>
Date: Tue, 1 May 2007 00:26:30 +0100
> I have always been under the impression that the security
> triad was CIA (Confidentiality, Integrity and Availability)
> until I came across the link
> http://www.networkworld.com/columnists/2003/0106schwartau.html
> Maybe this is pretty late to discuss this question
> as this article was posted in 2003. Nevertheless, just wanted
> to check with all the security folks out there if the new
> security TRIAD is indeed CPP (Cyber, Physical and People).

It's not an either/or. It's a different model, better for some purposes, but
I don't think it was intended to replace the CIA/AIC model (if it was, it
isn't up to the job: it addresses quite a different context). Actually, the
CIA model has never been complete - where do you fit accountability into it,
for instance? - but it's convenient for educational purposes. There are other
models: Donn Parker's hexad, for instance, adds control/possession,
authenticity, and utility to the mix, though opinions vary on how discrete
they really are...
<heresy>Actually, it doesn't necessarily matter much which model you use:
it's the Way You Use It that makes it useful/less </heresy>
--
David Harley CISSP (or shouldn't I mention that? ;-))
Security Author/Editor/Consultant/Researcher
Small Blue-Green World
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html