Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion
‎01-15-2019 10:09 AM
‎01-15-2019 10:09 AM

CIA has a new I - Industrial security

Good article about large entities recognizing the need to take ownership of cybersecurity.

 

I get the need for industrial security, I'm dealing with it right now. But should it be added to the infamous CIA triad?

Reply
0 Kudos
4 Replies
Caute_cautim
Community Champion
‎01-15-2019 04:56 PM
‎01-15-2019 04:56 PM

@Flyslinger2 wrote:

Good article about large entities recognizing the need to take ownership of cybersecurity.

 

I get the need for industrial security, I'm dealing with it right now. But should it be added to the infamous CIA triad?

But where would you add the I before CIA, after it or in between?   Or do what IoT does just add the extra I at the front to designate Industrial?   E.g. IIoT or ICIA - which sort of rolls off the tongue.

 

Regards

 

Caute_cautim

Reply
0 Kudos
CraginS
Defender I
‎01-15-2019 09:41 PM
‎01-15-2019 09:41 PM

@Flyslinger2 wrote:

 

I get the need for industrial security, I'm dealing with it right now. But should it be added to the infamous CIA triad?

NO, because C-I-A is about information security. Industrial security is a broader construct that includes physical security, information security, counter espionage, executive protection, and other aspects of protection.

 

The right place for information security / information assurance / cybersecurity (the focus of C-I-A) is as a subcomponent of industrial security. Don't try to shoe-horn other aspects of overall security into the C-I-A triad.

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
Caute_cautim
Community Champion
‎01-15-2019 10:39 PM
‎01-15-2019 10:39 PM

@CraginS

 

I  do tend to agree, Industrial security is very much about secure engineering and a discipline that goes with it.

 

Regards

 

Caute-Cautim

Reply
0 Kudos
Flyslinger2
Community Champion
‎01-16-2019 09:36 AM
‎01-16-2019 09:36 AM

@CraginS wrote:

NO, because C-I-A is about information security. Industrial security is a broader construct that includes physical security, information security, counter espionage, executive protection, and other aspects of protection.

 

The right place for information security / information assurance / cybersecurity (the focus of C-I-A) is as a subcomponent of industrial security. Don't try to shoe-horn other aspects of overall security into the C-I-A triad.

 

 

 

 

Which was my thought as well. I was a little surprised that they tried to worm it in there.  

I appreciate those big names in industry trying to lead the way by example. I'd much rather have industry do that then a government.  Governments are about confiscation of wealth to further it's mission since it can't generate any income on it's own, unless they ramp up the printing presses.  Confiscating income from businesses always has detrimental affects.  If industry establishes the standards, holds each other accountable, and reports on the results of those standards we are much better off.

Reply
0 Kudos