I’ve been thinking about this for a while now and in my environment, my CEO and CIO are big on confidentiality, integrity, and availability; they understand my position and how important the company is and the data that is held within the network. So, I do what I have to do by whatever means within the limits of my ability to apply this concept. For the most part, it’s worked within our networking environment. I’ve heard a lot of cyber security professionals say that the CIA triad is somewhat like the OSI model; it’s a good model but it’s not realistic.

Looking for advice in my professional career; is it useless to depend on the CIA triad and if it is, what concepts/models are preferred and highly recommended in place of the CIA triad for the sake of information security for an organization of any size?

Share This Discussion


  • double-xor

    November 21, 2021

    The CIA is a high level classification system that describes one set of basic tenets that the information security domain seeks to ensure, protect.

    As such it’s good for discussing “broad strokes” and discussing aspects of information security generally.

    To do any meaningful work In the field, you’ll want to connect with a more detailed framework like NIST CSF, the Security Controls Framework (SCF), Mitre, etc.. etc..

  • c_pardue

    November 21, 2021

    The mitre attack framework is a good model for figuring out how to spread coverage across the gross vectors. There are plenty of others that our fellows will chime in with. But CIA are just categories and being big on CIA might point more toward pptx gleaned expertise than any real technical expertise. Idk i could easily be wrong. But network based and host based security, patch mgmt, tested bdr backups, and mail security controls are suuuuuuuuuper important. For a fun game, categorize each of those controls according to CIA and present it to your bosses in a powerpoint, they’ll love you.


Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.