IT chump information technology and system administration
NIST is the model source.
Our scope for information security includes protecting information systems and information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. We follow the confidentiality, integrity and availability (CIA) approach.
Confidentiality is a prerequisite for maintaining privacy and secured access to information assets. Information considered confidential may only be accessed, used, duplicated or disclosed by persons who have been properly authorized to access, use, duplicate or disclose the information, and only on a need-to-know basis or when there is a legitimate need to access, use, duplicate or disclose the information. A confidentiality breach occurs when confidential information has been, or may have been, accessed, used, duplicated, or disclosed to, or by, any person who was not authorized to have access to the information.
In information security, integrity mandates that data or information cannot be created, modified, or deleted without proper authorization. It also means that data or information retained in one part of a database system is in agreement with other related data stored in another part of the database system (or another system). As an example, a loss of integrity can occur when a database system is not properly shut down before maintenance is performed or the database suddenly loses electrical power.
The concept of availability means that the data, the computing systems used to process the information, and the security controls used to protect the information are available and properly functioning when the information is needed by authorized recipients. The opposite of availability is denial of service (DoS).
In 2002, Mr. Donn Parker proposed an alternative model to the classic CIA triad that he called the six atomic elements of information. This alternative model includes confidentiality, possession or control, integrity, authenticity, availability, and utility.
While our organization cannot afford a dedicated information security team, we do have two staff who focus exclusively on information security strategy, objectives, fulfillment and incident response.
As a global financial services company, we must be compliant with the Gramm-Leach-Bliley Act (GLBA) and International Standards Organization (ISO 27001 certification) standards. We have three staff who are members of FBI InfraGard and retain security clearances.