CIA – It’s not what you think!

In the ISO 27001 Standard, the acronym CIA stands for Confidentiality, Integrity and Availability (nothing to do with American spy organisations). The point of it is to remind us that information security is not just about preventing the theft of information. It is also about ensuring that the information you are protecting has not been changed without your authority (Integrity), and that you and the people you authorise can still get at that information, and the systems that hold it, whenever you need them (Availability).


Think about it in terms of domestic security. You obviously want to ensure that your precious possessions in your home are not stolen. Therefore, you (hopefully) take sensible precautions like locking doors and windows whilst you are out and possibly even installing an alarm system or CCTV cameras. This is the equivalent of the Confidentiality bit of CIA.


I think that you would also be extremely disturbed to return home to find that someone had been there in your absence and moved all your possessions around, making it difficult to find anything. Suppose they had also changed all the settings on your devices so that they no longer worked as before (for example, retuning all the channels on your TV) and perhaps painted racist slogans on your outside walls. None of this involves stealing your possessions, but it would take some time, and possibly some money, to clear everything up: to reset all the settings on your devices and to scrub off those slogans. And in the meantime, the presence of those slogans may well have damaged your reputation. That is the Integrity bit: the information (or the house) is still there, but it has been altered by someone who had no right to alter it, and you cannot trust it until you have checked and restored it.


And finally, imagine you return home to find that all the locks on the doors have been changed, along with the keycode for your alarm system. As a result, you are unable to enter your house, and someone else is actually living there and claiming it as their own. Nothing has been stolen and nothing inside has necessarily been changed, but you have been locked out of what is yours. That would be extremely upsetting and potentially difficult to sort out, and it is the equivalent of Availability in ISO 27001 terms.

ISO 27001 sets out a management framework that enables the business owner to design and implement an Information Security Management System that protects both the business and its information. When certified by an appropriate Certification Body, it also shows the rest of the world (and specifically your customers and suppliers) that you are serious about that protection and capable of delivering it.

Performance Plus can help you to design and implement an ISO 27001-compliant Information Security Management System. We can also guide you through to achieving that internationally recognised certification.

Give us a call to find out more on 01284 330400 or email us at

PerformancePlus works with small and medium-sized businesses across the East Anglia Region in Norfolk, Suffolk and Cambridge.