
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and Importance


According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.

To secure their data, organizations can use the CIA triad, a data security model intended to help organizations and practitioners address the various aspects of IT security.

The webinar covers

• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)

Presenters:

Anthony English

Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.

Date: November 17, 2021

-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION


Youtube video: https://youtu.be/eA8uQhdLZpw
Website link: https://pecb.com/


CIA Triad in Data Governance, Information Security, and Privacy: Its Role and Importance

  1. Agenda
     • Overview Of CIA
     • Description of Data Governance vs Information Security vs Privacy
     • Relationship of CIA to Data Governance
     • Relationship of CIA to Information Security
     • Relationship of CIA to Privacy
     • How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
     • Q & A
  2. Introduction
  3. Before we start…
  4. Previous sessions: Check the past webinars on the PECB website at
     • https://pecb.com/past-webinars
  5. Overview Of CIA (a.k.a. CAI)
  6. CIA Definition (ISO/IEC 27001; Data and Asset Security & Privacy)
     • Confidentiality: Prevent unauthorized access
     • Integrity: Trustworthy data, trustworthy sources
     • Availability: Provide access to those who should have it and when they need it
  7. CIA 2.0? (ISO/IEC 27001; Data and Asset Security & Privacy)
     • Confidentiality: Prevent unauthorized access
     • Integrity: Trustworthy data, trustworthy sources
     • Availability: Provide access to those who should have it and when they need it
     • Additions: +Nonrepudiation, +Authentication, +Code Validation
  8. Data Governance vs Information Security vs Privacy: Definitions, Commonalities, Differences
  9. Data Governance (ISO/IEC 38505-1:2017): A system for defining who has authority and control over data assets and the use of those assets.
     • Ownership, Accessibility, Security, Quality, Knowledge
     • People, Process, Technology
  10. Information Security (ISO/IEC 27001:2013): Protect information by mitigating risks such as unauthorized access, use, disclosure, disruption, modification, destruction, etc.
     • Process: ISMS, Risk Management, etc.
     • Technology: Security Controls for Infrastructure, Facilities, etc.
     • People: Security Awareness, Security Duties, Third Parties, etc.
  11. Privacy (ISO/IEC 27701:2019): The goals of a privacy program include the efforts to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS) to protect Personally Identifiable Information (PII) and to describe the roles of PII Controllers and PII Processors.
     • Accountability; Clear Purpose; Obtain Consent; Limit Collection; Limit Use, Disclosure, Retention; Accuracy; Protection; Owner Access
  12. CIA and Data Governance: How is CIA applied to Data Governance?
  13. Data Governance – Mapping to CIA (Ownership, Accessibility, Security, Quality, Knowledge; People, Process, Technology)
     • Confidentiality: Security; Ownership
     • Integrity: Quality; Knowledge (source of truth)
     • Availability: Accessibility
  14. CIA and Information Security: Matching CIA to Managing Security of Assets.
  15. Information Security (ISO/IEC 27001:2013) – Mapping to CIA (Process: ISMS, Risk Management, etc.; Technology: Security Controls for Infrastructure, Facilities, etc.; People: Security Awareness, Security Duties, Third Parties, etc.)
     • Confidentiality: Defining asset owners; Classifying assets and assigning appropriate protections
     • Integrity: Secure development; Audit and review
     • Availability: BCP; Infrastructure stability
  16. CIA and Privacy
  17. Privacy (ISO/IEC 27701:2019) – Mapping to CIA (Accountability; Clear Purpose; Obtain Consent; Limit Collection; Limit Use, Disclosure, Retention; Accuracy; Protection; Owner Access)
     • Confidentiality: Defining asset owners; Classifying assets and assigning appropriate protections
     • Integrity: Secure development; Audit and review
     • Availability: BCP; Infrastructure stability
  18. How to Implement and Maintain CIA
  19. Maintaining CIA: Plan, Do, Check, Act
  20. References: Interesting information sources
  21. Reference material
     • Is the CIA triad dead? Does the DIE (Distributed, Immutable, Ephemeral) triad provide a replacement or a complementary model?
       https://www.copado.com/devops-hub/blog/making-die-model-security-vs-the-cia-security-triad-complementary-not-competitive
       https://www.youtube.com/watch?v=_omGtDfaAjI
     • CIA Triad and Ransomware
       https://securityboulevard.com/2021/07/ransomware-and-the-c-i-a-triad/
     • CIA Best Practices
       https://securityboulevard.com/2019/08/cia-triad-best-practices-for-securing-your-org/
     • CIA Triad
       https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.html
  22. ISO/IEC 27701 Training Courses
     • ISO/IEC 27701 Foundation: 2-Day Course
     • ISO/IEC 27701 Lead Implementer: 5-Day Course
     Exam and certification fees are included in the training price.
     https://pecb.com/en/education-and-certification-for-individuals/iso-27701
     www.pecb.com/events
  23. Appendix
  24. Ramping up… Relevant PECB Training courses
  25. Relevant Training
     • PIMS: PECB ISO 27701 Foundation; PECB ISO 27701 LI; PECB ISO 27701 LA
     • Information Security: PECB ISO 27001 LI; PECB ISO 27001 LA; PECB ISO 27002 LM
  26. Relevant Training
     • Data protection: PECB Certified Data Protection Officer (GDPR)
     • Privacy: PECB ISO29100 LI
  27. Training Agenda: Check the PECB agenda and select the ISO/IEC 27701 Lead Implementer training events at https://pecb.com/en/partnerEvent/event_schedule_list. For full detailed information about an event, click on the ‘View’ button on the right-hand side under ‘View full details’. Note: Before applying for any training courses listed below, please make sure you are registered with PECB.
  28. THANK YOU – tony@botsecuritysolutions.com, https://www.linkedin.com/in/englishtony/

Editor's Notes

  • Peter
  • Peter

  • Check the past webinars on the PECB website at
    https://pecb.com/past-webinars
  • Tony
  • The CIA model has traditionally been used as a model for building a security infrastructure to support your organization’s data and asset security and privacy program. Much like a three-legged stool, each element of the CIA triad is required in order to maintain a stable data and asset security and privacy program.
  • There has been talk in some camps about the CIA model being defunct for today’s security needs… can this be true?
  • Plan: Risk-assess your organization; identify critical assets
    Do: Assign asset owners; assign permissions; protect critical assets; train staff; establish the ISMS; build the PIMS and BCMS
    Check: Security-test your environments; test your BCP; audit your ISMS
    Act: Apply lessons learned from testing, remediate audit and testing findings, and start the entire process all over again!
  • Peter
  • Peter