Information Security with Business Mindset

InformationSecurityDefinitionInfoSec with Business Mindset

The PeacockCISSP_Domains

Information Security is a discipline to protect information and information systems from threats through security controls to achieve the objectives of confidentiality, integrity, and availability (Tier 3), or CIA for short, support the organizational mission and processes (Tier 2) and create and deliver values (Tier 1).

Information security shouldn’t be a silo or managed with tunnel vision. Security is pervasive and ubiquitous. It has no border or the border of security should be removed if any.

A CISSP is a certified security professional of “Information Systems”. He or she should protect the underling information systems that support business processes and the organization as the diagram shows.

PS. An information system may support one or more different business processes, but the relationship between them in the diagram is simplified.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.