Information Security with Business Mindset

InformationSecurityDefinitionInfoSec with Business Mindset

The PeacockCISSP_Domains

Information Security is a discipline to protect information and information systems from threats through security controls to achieve the objectives of confidentiality, integrity, and availability (Tier 3), or CIA for short, support the organizational mission and processes (Tier 2) and create and deliver values (Tier 1).

Information security shouldn’t be a silo or managed with tunnel vision. Security is pervasive and ubiquitous. It has no border or the border of security should be removed if any.

A CISSP is a certified security professional of “Information Systems”. He or she should protect the underling information systems that support business processes and the organization as the diagram shows.

PS. An information system may support one or more different business processes, but the relationship between them in the diagram is simplified.

Leave a Reply