Security is a triad

Physical security, information security and people need to be integrated. By Winn Schwartau, president. Security Awareness Company.

Classic wisdom holds that security is based upon the CIA triad: Confidentiality, Integrity and Availability. But if we look at information security from all possible angles, we find the Classic Security Triad can be easily enhanced to represent what a more complete operational security model needs to be. The Integrated InfoSec Triad consists of: Information Security, Physical Security and Personnel Security. To truly increase the security level of any organization, they must be more tightly entwined, with each taking advantage of the strength and expertise of the others, coordinating to build an even stronger security posture than if they operated independently.

Security is like golf

Club selection is key. Claudine Simson, CTO, LSI.

Just as a golfer needs specific clubs to overcome the numerous threats on the golf course, today's IT manager needs to deploy specific security solutions to meet the various threats facing the data center such as spam, malware, viruses and data theft. With distinct security domains, including data-at-rest, data-in-flight, authentication of devices and users, key management, end-to-end data integrity, and data-at-work, there is no "one-club-fits-all" solution. For example, data-in-flight requires a different approach than data-at-rest. For data-in-flight, new advanced firewalls that can scan every piece of data at multi-gigabit speeds are becoming available for enterprise and even branch office systems. For stored data-at-rest, full disk encryption protects against data loss caused by loss of the drive and avoids disclosure when customer data is lost. By "clubbing" each threat with the appropriate solution, today's businesses can keep their data securely in play and avoid penalties.