The Foundation for Information Security

Mojo21
The CIA Triangle

The three components of the CIA triangle are confidentiality, integrity, and availability. They have served as the industry standard for computer security since the first mainframes. Confidentiality ensures only authorized individuals can gain access to secure information. Integrity speaks to the incorruptibility of secure information: the information exists in its whole and complete form. Availability ensures not only that information is accessible by the right people or systems but also that, once it is available, the contents are presented in a usable format. These three concepts are a great foundation for the ever-changing information technology world. They are responsible for the development of several new key components in the expanded CIA triangle. All organizations should look to these basic components as the building blocks to securing information.

Top-Down Security

The top-down approach to information security will always have a higher rate of success for several reasons. The top-down approach utilizes a level of planning and strategy not seen in the bottom-up approach. With the project initiated by upper management, there is a clear implementation process as well as the element of organization from the start. The top-down approach also assures support from the highest levels of an organization. This means projects are given priority and accepted as a necessary function. Development is not just left to a select few; rather, all parties are aware and understand what will be implemented. Because of this, the system will be able to survive employee turnover. The rate of success is far superior to the bottom-up approach.

Methodology

A methodology is the ultimate strategic plan for designing and implementing information security. By approaching implementation with a structured sequence of procedures, an organization can help ensure the desired goals are met. A methodology often includes a project team with specific milestones that guarantee the birth of a comprehensive information security system.

Responsibility

When a process is developed using the top-down approach, many levels of an organization are involved. All the way from the CEO/CISO/CIO to the administrative support, each individual does his/her part. Ultimately the responsibility of information security falls to the highest level of an organization. These are the decision makers who must utilize resources and people to ensure information security.

Security Evolution

Originally, with the advent of the first mainframes, rudimentary forms of computer security began to surface. Most of this computer security revolved around securing location and access to this new technology. However, with the growing ability to retain more information, more complex safeguards began to develop. For the first time in the early 1960s, administrators encountered security problems that were not physical in nature.

With the introduction of the first networked communications system (ARPANET), potential vulnerability arose. The Rand Report R-609 was the first of its kind identifying management and policy issues in computer security. As the 1980s approached, the scope of security changed to monitor security breaches outside the physical realm.

In the 1990s, the internet and networks became a mainstay of our society. These two advancements have paved the way to information security as we know it today. The amount of information that needs some form of security has increased exponentially. Information has come a long way since the early times of computer security.

Published by Mojo21
