What will happen next?
Indeed, if the CIA triumvirate has failed to respond to modern challenges, what should replace it? To be effective, any new direction must take information security beyond the triad’s flat, merely technical perspective. It must be able to map layered, relevant, core technical foundations, not only to governance requirements, but ultimately to their real-world impact on business outcomes and social protection.
A successful model should clearly incorporate principles that the triad has ignored – such as authenticity, accountability, and flexibility. Those principles should be added as fundamental pillars. Furthermore, the model should have the ability to help CISOs and their teams navigate the veritable jungle of frameworks, harmonize regulatory demands and eliminate duplicate work, while also giving them a way to talk to their board in terms of resiliency, accountability and trust, rather than just uptime and firewalls.
3C Model: A Strategic Lens
3c model (Core, Complementary, Relevant) provides a layered, hierarchical system designed to map today’s threats and liabilities. Its strength lies in creating order from chaos, by building the following three layers into your security operations strategy.
