Security's Confidentiality, Integrity and Availability (CIA) Triad - Outdated or Still Relevant?

Dec 17, 2024

Watch the full webinar here:
https://www.mend.io/resources/webinars/security-confidentiality-integrity-and-availability/

Are confidentiality, integrity, and availability still enough, or is it time to evolve our thinking?

Join Chris Lindsey and a panel of tech leaders from leading enterprises for a dynamic discussion on the relevance of the CIA Triad in modern security practices.

Chapters:
CIA Triad Basics and CVSS Scoring (0:00 - 0:55)
Expanded Impact Metrics (0:55 - 2:02)
Additional Impact Considerations (2:02 - 2:45)
Historical Context and Evolution (3:01 - 3:41)
Modern Challenges and Limitations (3:41 - 5:21)
Risk-Based Prioritization (5:48 - 6:22)
Business Communication Value (6:26 - 8:18)

Speakers:
Chris Lindsey, Application Security Evangelist – Mend.io
Chris Madden, Distinguished Technical Security Engineer – Yahoo
Rob Wood, Consulting CISO – TrustCISO
Phil Guimond, Principal Information Security Architect – Paramount
Toby Jackson, Information Technology Security Leader, Strategist, and Architect – Imperial PFS
Saoirse Hinksmon, Senior Product Marketing Manager – Mend.io

Bios:
Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading teams in programming and software, solutions, and security architecture. For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis.
Chris Madden has worked as a software engineer and system architect building secure trustworthy software at scale for embedded and cloud for more than 20 years. He likes to understand things deeply – and uses data analysis and dumb questions to build that understanding. He’s not big on titles, hierarchy or status quo, and dislikes happy thoughts and assumptions. He works on the Yahoo Product Security team. Yahoo delivers value to customers through software; Chris exists to help developers deliver high quality software efficiently and securely. His primary focus is risk-based prioritization at scale across the DevSecOps pipeline. He recently led an effort with some industry thought leaders to publish an open source risk-based prioritization guide – https://riskbasedprioritization.github.io.
He is also an active contributor to the Proactive Software Supply Chain Risk Management (P-SSCRM) standard.

In his personal time, he’s applying LLMs to assist vulnerability management at scale:
  • Working with MITRE CWE Root Cause Working Group to assist CWE assignment and KeyPhrase Extraction.
  • Reviewing and reporting incorrect CWE assignments by CISA Vulnrichment – https://github.com/cisagov/vulnrichment

Rob Wood is a seasoned cybersecurity leader with 30 years of experience across multiple sectors, including tech, financial services, defense, and public sector. He has held executive roles such as CISO and security consultant, specializing in building and leading security teams and business-aligned security programs, managing risks, creating and managing strong security cultures, and serving customer trust.
Phil Guimond is a well-rounded and consistently high performing Information Security professional and Software Engineer with experience in building transformational, massively scalable and long-lasting Application, Cloud Security and Pentesting programs for SMBs and large corporations.
Toby Jackson is an experienced Information Technology Security Leader, Strategist, and Architect with broad experience in all aspects of IT security and governance. His background includes small and large finance, insurance and healthcare organizations, where he has been responsible for the development, implementation, maturity and building of the IT Security Program for multiple organizations with a hybrid of AWS, Azure and private cloud SaaS, PaaS and IaaS offerings and a PCI payment processing environment.
Saoirse Hinksmon leverages her decade of experience across application and network security to drive successful product launches at Mend.io. Working closely with the product team, she brings a holistic perspective to AppSec, ensuring new features empower developers and AppSec professionals alike to build secure software.