The Onion diagram is updated to emphasize that Information Security is a business issue. Security people should protect assets while always keeping business in mind, that is enabling business and delivering values. The tunnel vision and function boundary should be broken and removed.
Information Security is a discipline to protect information and information systems from threats through security controls to:
- achieve the objectives of confidentiality, integrity, and availability, or CIA for short,
- support the organizational mission and processes, and
- create and deliver values.
The definition of Information Security is revised as Information Security is a business issue and should be aligned with the business mission, goals, and strategies, enable and streamline business processes, and create and deliver values ultimately.