CIA Triad: Easy as ABC

October 13, 2016 | Views: 1594

Does everyone know what CIA means?

Well, I hope you do.

There are lots of acronyms, and often they have different meanings in different settings.

WTF can mean Web Threat Framework; from a data management view it can also mean “Where’s the file?”, and of course there is that other meaning, which I don’t need to elaborate on.

But one I came across a while ago, which I use as a sanity check, usually when someone comes to my desk as the harbinger of bad news, is the ABC rule.

ABC? What’s that?

This was something I read in a book written by someone in the London Metropolitan Police; I expect it is an operational term. I have yet to speak to someone in UK law enforcement to confirm, but either way, it is useful to employ in an IT security environment, and well… I kind of like it.

I have this printed on my desk.

The ABC Rule

Accept Nothing
Believe Nothing
Challenge EVERYTHING

When someone runs up to the police with a problem, they don’t immediately run off and take action. In fact, they assess the situation. If the person speaking to them is the worse for drink, they will certainly take what they say with a grain of salt.

So if someone comes to your desk with a “problem”, listen to what they say, and remind yourself of ABC.

A. Is what they are telling you an actual problem?
B. Is what they are telling you actually true?

What do we learn in security? Is this trusted? Where is the proof?

C. Give me proof.

Be mindful of A and B and skip to C and challenge them to give you proof.

Believe me, you will save so much time by not reacting to knee-jerk situations. I have lost count of the number of times, and the amount of time wasted, looking into things that were actually misinformation.

6 Comments
  1. Useful. CIA model can be further modified to CIAA triad adding accountability.

  2. Great rule, will write it down and put a print on the wall behind my desk.

    Thanks for that!

  3. Very useful information!
    Cheers to that!

  4. This is so true and good advice – just yesterday I had a client employee state the “Problem” was affecting everyone and was not due to their internet connection! After attending her office I found that “everyone” was just her, as she was the only employee at the office. Soon after, running some constant ping tests also demonstrated packet loss, so clearly her connection.
    This happens so often – think I too might stick an ABC note to my monitor. 🙂
    Thanks for the article.

    • Been there, got the tee-shirt. 🙂

      I think this can be applied to client employees, but in an infosec environment, it is a challenge.

      You don’t need to write it down necessarily – but makes for a good conversation piece when people come to your desk “What’s that?”.

      Risk people will flag risks; people that are techie and risk focussed have to evaluate what people are telling them and whether it is really an issue. Takes experience and practice, but the inexperienced amongst us will waste time looking into things that simply are not an issue.

      That said, I have come across credible threats that have been ignored in the past; I put that down to sheer laziness or not wanting to stir a hornet’s nest.

      I think Kelly Handerhan (I think she is awesome) could present ABC with a better example I think, but for this exercise, like the London Met, if you are in a situation, just run ABC through your head.
