Sunday, January 8, 2012

Security Triad Principles - CIA





CIA:
1. Confidentiality
2. Integrity
3. Availability

Two new components:

· Accountability. Someone is personally accountable and responsible for the protection of an asset or set of assets. The emphasis here is on the 'someone' and the 'personally accountable'. Often this does not work in the organisational setup, but it should still be the goal.
· Auditability. This component has two parts: first, it should be possible to backtrack from any state a system is found in to determine how it got into that state; second, an ongoing process of management review or audit should be undertaken to ensure that the systems meet all documented requirements.
These two new components are derived from BS 7799 (BS 7799 2002), ISO 27002 (ISO 27002 2005) and ISO 27001 (ISO 27001 2005).
