Information Security Frameworks

Aaron Webb
Jul 29, 2020

The fundamental conclusion is that there is no one-size-fits-all concept that every organisation can apply to achieve 100% information security. A condensed overview of concepts details just the tip of the iceberg in a rapidly evolving world of InfoSec models and frameworks. Each concept has its strengths and weaknesses, and organisations should not approach the application of one with a silver bullet mentality.

The security landscape has changed significantly since the introduction of the personal computer and the internet. Before the turn of the millennium, most systems were research-oriented multi-user computers, with little focus on information confidentiality, integrity or availability. Today, over 35,000 new malware instances are identified every day with an increasing rate of related criminal activity and nation-state technology exploitation.

Formulating a distinction between the concepts of information security and information security management is an important requirement to protect against data theft and financial loss, alongside essential dynamics of consciousness, memory and the basic autonomy of human cognitive behaviour.

However, even with all the models and frameworks available to the InfoSec community, the most important concept is the human aspect. A breach could be motivated by personal motives or simply be the result of ignorance, with a level of ownership given to every user in an organisation to play their part in exhibiting secure behaviour. Everyone has to understand the importance of information security; even the Duke of Cambridge completing an internship at MI5, MI6, and GCHQ highlights the significance.

The CIA Triad, Parkerian Hexad model, and NIST framework offer an attachment to basic cognitive understanding alongside the passion for information security. Well-designed security systems, appropriate organisational culture, and compliance with security concepts offer significant benefits in protecting the confidentiality, integrity and availability of information assets. However, this doesn’t provide complete protection, just as the philosopher Plato said, “Good people do not need laws to tell them to act responsibly, while bad people will find a way around the law”.
