The Three Dimensions of the Cybersecurity Cube
The Cybersecurity Cube (also called the McCumber Cube) is a tool developed by John McCumber, one of the early cybersecurity experts, in order to help manage the protection of networks, domains, and the Internet. The Cybersecurity Cube has three dimensions and looks somewhat like a Rubik’s Cube.
The first dimension of the Cybersecurity Cube includes the three principles of information security. The second dimension identifies the three states of information or data. The third dimension of the cube identifies the expertise required to provide protection. These are often called the three categories of cybersecurity safeguards.
The figure shows a cube with three labeled sides, one for each dimension: Information States, Critical Information Characteristics, and Security Measures. Information States include transmission, storage, and processing. Critical Information Characteristics include confidentiality, integrity, and availability. Security Measures include technology, policies and practice, and the education, training, and awareness of people.
The Principles of Security
The first dimension of the Cybersecurity Cube identifies the goals to protect cyberspace. The goals identified in the first dimension are the foundational principles. These three principles are confidentiality, integrity, and availability, commonly referred to as the CIA Triad.
Confidentiality prevents the disclosure of information to unauthorized people, resources, or processes. Integrity refers to the accuracy, consistency, and trustworthiness of data. Availability ensures that information is accessible by authorized users when needed. These principles are used to provide focus and prioritize actions when protecting networked systems.
The States of Data
Cyberspace is a domain containing a considerable amount of critically important data, which is why cybersecurity experts must focus on protecting data. The second dimension of the Cybersecurity Cube focuses on the problem of protecting the data in cyberspace in each of its possible states:
- Data in transit
- Data at rest or in storage
- Data in process
The protection of cyberspace requires cybersecurity professionals to account for the safeguarding of data in all three states.
Cybersecurity Safeguards
The third dimension of the Cybersecurity Cube defines the skills and disciplines a cybersecurity professional can call upon to protect cyberspace. Cybersecurity professionals use a range of different skills and disciplines when protecting data in cyberspace, being careful to always remain on the ‘right side’ of the law.
The Cybersecurity Cube identifies the three types of skills and disciplines used to provide protection. The first type includes the technologies, devices, and products available to protect information systems and fend off cybercriminals. Cybersecurity professionals have a reputation for mastering the technological tools at their disposal. However, McCumber reminds them that technological tools are not enough to defeat cybercriminals. Cybersecurity professionals must also build a strong defense by establishing policies, procedures, and guidelines that enable the users of cyberspace to stay safe and follow good practices. Finally, users of cyberspace must strive to become more knowledgeable about the threats in cyberspace and establish a culture of learning and awareness.
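As an added example (not part of the original article), the cube can be read as a 27-cell grid, one cell per combination of principle, data state, and safeguard category, and a control inventory checked against it for gaps. The control list is constructed for illustration, and the cell-by-cell reading and the function names are assumptions of this example that go beyond what the article states.

```python
from itertools import product

# The three dimensions, using the names given on the page.
PRINCIPLES = ("confidentiality", "integrity", "availability")
STATES = ("transit", "rest", "process")
SAFEGUARDS = ("technology", "policy", "awareness")

# Constructed inventory (hypothetical controls, not from the page):
# (name, principles addressed, data states addressed, safeguard category)
CONTROLS = [
    ("TLS on internal APIs", {"confidentiality", "integrity"}, {"transit"}, "technology"),
    ("Full-disk encryption", {"confidentiality"}, {"rest"}, "technology"),
    ("Data classification policy", {"confidentiality"}, {"rest", "transit"}, "policy"),
    ("Nightly backups", {"availability", "integrity"}, {"rest"}, "technology"),
    ("Phishing awareness training", {"confidentiality"}, {"transit"}, "awareness"),
    ("Backup restore procedure", {"availability"}, {"rest"}, "policy"),
]

def covered_cells(controls):
    """Map each (principle, state, safeguard) cell to the controls that touch it."""
    cells = {}
    for name, principles, states, safeguard in controls:
        # Reject tags outside the cube so a typo cannot hide a gap.
        if (safeguard not in SAFEGUARDS or not principles <= set(PRINCIPLES)
                or not states <= set(STATES)):
            raise ValueError(f"control {name!r} has a tag outside the cube")
        for p, s in product(principles, states):
            cells.setdefault((p, s, safeguard), []).append(name)
    return cells

def gaps(controls):
    """Cells of the 27-cell cube that no control covers, in a stable order."""
    covered = covered_cells(controls)
    return [c for c in product(PRINCIPLES, STATES, SAFEGUARDS) if c not in covered]

def technology_only(controls):
    """(principle, state) pairs with a technology control but no policy or awareness one."""
    covered = covered_cells(controls)
    return [(p, s) for p, s in product(PRINCIPLES, STATES)
            if (p, s, "technology") in covered
            and (p, s, "policy") not in covered
            and (p, s, "awareness") not in covered]

if __name__ == "__main__":
    print(f"{len(gaps(CONTROLS))} of 27 cells uncovered")
    for p, s in technology_only(CONTROLS):
        print(f"technology only: {p} / {s}")
```

The technology_only check reflects the point above that technological tools alone are not enough: it lists where a principle and data state are protected by a product but by no policy or awareness measure.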