https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17930#M2145 <P>Good article about large entities recognizing the need to take ownership of cybersecurity.</P><P>&nbsp;</P><P>I get the need for <A href="https://www.controldesign.com/articles/2019/theres-cyber-strength-in-numbers/" target="_blank">industrial security</A>, I'm dealing with it right now. But should it be added to the infamous CIA triad?</P> Tue, 15 Jan 2019 15:09:06 GMT Flyslinger2 2019-01-15T15:09:06Z https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17930#M2145 <P>Good article about large entities recognizing the need to take ownership of cybersecurity.</P><P>&nbsp;</P><P>I get the need for <A href="https://www.controldesign.com/articles/2019/theres-cyber-strength-in-numbers/" target="_blank">industrial security</A>, I'm dealing with it right now. But should it be added to the infamous CIA triad?</P> Tue, 15 Jan 2019 15:09:06 GMT https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17930#M2145 Flyslinger2 2019-01-15T15:09:06Z https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17954#M2152 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/297159657">@Flyslinger2</a>&nbsp;wrote:<BR /><P>Good article about large entities recognizing the need to take ownership of cybersecurity.</P><P>&nbsp;</P><P>I get the need for <A href="https://www.controldesign.com/articles/2019/theres-cyber-strength-in-numbers/" target="_blank">industrial security</A>, I'm dealing with it right now. But should it be added to the infamous CIA triad?</P><HR /></BLOCKQUOTE><P>But where would you add the I before CIA, after it or in between?&nbsp;&nbsp; Or do what IoT does just add the extra I at the front to designate Industrial?&nbsp;&nbsp; E.g. IIoT or ICIA - which sort of rolls off the tongue.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Tue, 15 Jan 2019 21:56:22 GMT https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17954#M2152 Caute_cautim 2019-01-15T21:56:22Z https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17961#M2154 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/297159657">@Flyslinger2</a>&nbsp;wrote:<BR /><P>&nbsp;</P><P>I get the need for <A href="https://www.controldesign.com/articles/2019/theres-cyber-strength-in-numbers/" target="_blank">industrial security</A>, I'm dealing with it right now. But should it be added to the infamous CIA triad?</P><HR /></BLOCKQUOTE><P>NO, because C-I-A is about information security. Industrial security is a broader construct that includes physical security, information security, counter espionage, executive protection, and other aspects of protection.</P><P>&nbsp;</P><P>The right place for information security / information assurance / cybersecurity (the focus of C-I-A) is as a subcomponent of industrial security. Don't try to shoe-horn other aspects of overall security into the C-I-A triad.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Jan 2019 02:41:58 GMT https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17961#M2154 CraginS 2019-01-16T02:41:58Z https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17963#M2155 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/780103681">@CraginS</a></P><P>&nbsp;</P><P>I&nbsp; do tend to agree, Industrial security is very much about secure engineering and a discipline that goes with it.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute-Cautim</P> Wed, 16 Jan 2019 03:39:42 GMT https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17963#M2155 Caute_cautim 2019-01-16T03:39:42Z https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17983#M2157 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/780103681">@CraginS</a>&nbsp;wrote:<BLOCKQUOTE><HR /></BLOCKQUOTE><P>NO, because C-I-A is about information security. Industrial security is a broader construct that includes physical security, information security, counter espionage, executive protection, and other aspects of protection.</P><P>&nbsp;</P><P>The right place for information security / information assurance / cybersecurity (the focus of C-I-A) is as a subcomponent of industrial security. Don't try to shoe-horn other aspects of overall security into the C-I-A triad.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P></BLOCKQUOTE><P>Which was my thought as well. I was a little surprised that they tried to worm it in there.&nbsp;&nbsp;<BR /><BR />I appreciate those big names in industry trying to lead the way by example. I'd much rather have industry do that then a government.&nbsp; Governments are about confiscation of wealth to further it's mission since it can't generate any income on it's own, unless they ramp up the printing presses.&nbsp; Confiscating income from businesses always has detrimental affects.&nbsp; If industry establishes the standards, holds each other accountable, and reports on the results of those standards we are much better off.</P> Wed, 16 Jan 2019 14:36:40 GMT https://community.isc2.org/t5/Industry-News/CIA-has-a-new-I-Industrial-security/m-p/17983#M2157 Flyslinger2 2019-01-16T14:36:40Z