CYA by Using CIA...Correctly for a Change
4In this insightful cybersecurity presentation, Keith Palmgren, a seasoned SANS instructor, challenges the conventional wisdom around the CIA (Confidentiality, Integrity, Availability) triad. Rather than viewing CIA as three equal parts, Ponder argues that companies must prioritize these elements based on their specific needs and resources.
Through real-world examples from organizations like Coca-Cola, Ball Corporation, Chase Bank, and pharmaceutical giants, Palmgren demonstrates how the prioritization of CIA can vary significantly across sectors and even within different departments of the same company. He emphasizes that the rigid "triad" approach is often an unattainable ideal, and encourages attendees to instead use CIA as a framework for strategic prioritization. This presentation offers valuable insights for anyone seeking to optimize their organization's security posture in a practical and effective manner.
About the Speaker:
Keith Palmgren is a cybersecurity professional with over 35 years of experience specializing in the IT Security field. He is a SANS Senior Instructor and the author of SEC301: Introduction to Cyber Security. Keith also runs a successful security consulting practice, working with corporate leadership and security staff to help lower their organization's risk. Keith has taught over 25,000 students and authored 22 courses, seven of which the American Council on Education certified as eligible for college credit. Not only does he make sure students are grounded with the importance of fundamentals, but he shows them the evolution of cybersecurity; an evolution that he was part of.