The CIA Triad forms the core principles of information security: confidentiality, integrity, and availability. These principles govern how information and systems should be designed and managed.
The CIA Triad also applies to our professional behavior as information security professionals.
We are obligated to keep many secrets – corporate secrets, staff secrets, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day.
We must act with integrity. We must develop sound policies and uphold them without bias. We must point out errors and misdeeds, dispassionately and objectively, in order to uphold the common good. We must seek out and defend the truth in all situations we find ourselves in.
Even when we may feel too weary to do so, we should be available for consultation to our employers and our colleagues. There are too few data security professional, and our counsel is needed often, especially when the advice that is sought has high-value outcomes.
Being available means we must manage our time well, to ensure that we are working on the truly important tasks and not merely the urgent ones. Risk professionals are influencers, and we must be sure to influence outcomes in situations that really matter.