According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with the various parts of IT security.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
Youtube video: https://youtu.be/eA8uQhdLZpw
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and Importance
2. Agenda
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
• Q & A
9. Data Governance vs Information Security vs Privacy
Definitions, Commonalities, Differences
10. Data Governance
ISO/IEC 38505-1:2017
A system for defining who has authority and control over data assets and the use of those assets.
• Ownership, Accessibility, Security, Quality, Knowledge
• People, Process, Technology
11. Information Security
ISO/IEC 27001:2013
Protect information by mitigating risks such as: unauthorized access, use, disclosure, disruption, modification, destruction, etc.
• Process: ISMS, Risk Management, etc.
• Technology: Security Controls for Infrastructure, Facilities, etc.
• People: Security Awareness, Security Duties, Third Parties, etc.
12. Privacy
ISO/IEC 27701:2019
The goals of a privacy program include the efforts to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) to protect Personally Identifiable Information (PII) and to describe the roles of PII Controllers and PII Processors.
• Accountability
• Clear Purpose
• Obtain Consent
• Limit Collection
• Limit Use, Disclosure, Retention
• Accuracy
• Protection
• Owner Access
13. CIA and Data Governance
How is CIA applied to Data Governance?
14. Data Governance – Mapping to CIA
Data Governance: Ownership, Accessibility, Security, Quality, Knowledge; People, Process, Technology
• Confidentiality: Security, Ownership
• Integrity: Quality, Knowledge (source of truth)
• Availability: Accessibility
22. Reference material
• Is the CIA triad dead? Does the DIE (Distributed, Immutable, Ephemeral) triad provide a replacement or a complementary model?
• https://www.copado.com/devops-hub/blog/making-die-model-security-vs-the-cia-security-triad-complementary-not-competitive
• https://www.youtube.com/watch?v=_omGtDfaAjI
• CIA Triad and Ransomware
• https://securityboulevard.com/2021/07/ransomware-and-the-c-i-a-triad/
• CIA Best Practices
• https://securityboulevard.com/2019/08/cia-triad-best-practices-for-securing-your-org/
• CIA Triad
• https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
23. ISO/IEC 27701 Training Courses
• ISO/IEC 27701 Foundation: 2 Day Course
• ISO/IEC 27701 Lead Implementer: 5 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events
26. Relevant Training
PIMS
• PECB ISO 27701 Foundation
• PECB ISO 27701 LI
• PECB ISO 27701 LA
Information Security
• PECB ISO 27001 LI
• PECB ISO 27001 LA
• PECB ISO 27002 LM
28. Training Agenda
Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer
https://pecb.com/en/partnerEvent/event_schedule_list
Training Events
For full detailed information about an event click on the ‘View’ button on the right hand side under ‘View full details’.
Note: Before applying for any training courses listed below, please make sure you are registered to PECB
Check the past webinars on the PECB website at https://pecb.com/past-webinars
Tony
The CIA model has traditionally been used as a model for building a security infrastructure to support your organization’s data and asset security and privacy program. Much like a three-legged stool, each element of the CIA triad is required in order to maintain a stable data and asset security and privacy program.
There has been talk in some camps about the CIA model being defunct for today’s security needs… can this be true?
Plan: Risk assess your organization; Identify critical assets
Do: Assign asset owners; Assign permissions; Protect critical assets; Train staff; Establish ISMS; Build PIMS and BCMS
Check: Security test your environments; Test your BCP; Audit your ISMS
Act: Apply lessons learned from testing and remediate audit and testing findings and start the entire process all over again!