A good friend and colleague Michael Burgess, CISSP, sent me the following message this morning:
“I’ve been doing some research and thought you may benefit from (if you haven’t already ran across it). Some have begin adding an addition to a well known acronym and a core principle in information security. I think it is picking up steam and with good reason.
C-I-A C-I-A-Accountability
Accountability as in the process of tracing, or being able to trace activities to a responsible source….I think it is a good addition given experiences and how often accountability is needed, or would have been helpful.”
I think Mr. Burgess and the growing movement to expand the traditional triad are spot on. Accountability is an important principle in IT Security and is closely tied to the principles of data integrity, confidentiality and availability. It speaks to the responsibilities of data stewards and data owners and the need for security analysts to capture activities and report on anomalous behavior.
Kudos to Michael for bringing this idea forward and continuing the conversation to our profession stronger.