The McCumber Cube was introduced toward the beginning of the class and has continued to show up as we move through different topics, highlighting its usefulness in enterprise InfoSec. For this forum, I would like to see the McCumber Cube applied to an extent, to give everyone the opportunity to grasp this planning/assessment tool and use it to describe some aspect of enterprise InfoSec in your world. To accomplish this, I would like to organize this forum around the different 3-way intersections (cubes) between the CIA triad, the data states of storage/processing/transmission (SPT), and the interventions of policy/education/traning (PET). Specifically, I would like for each 3-way intersection of the cube (e.g., Confidentiality-Storage-Policy; Integrity-Transmission-Technology; Availability-Processing-Education; etc.) to serve as an independent thread. Then, within the appropriate thread, I would like you to either 1) introduce (generally) that particular 3-way goal/data/mechanism interaction looks like in your current or former (de-identified) organization or 2) introduce new and credible practioner content (e.g., NIST, SANS, ISACA, etc.) on recommended best practices within that particular context. Follow up posts should contribute new and/or reinforcing posts that also either draw on past experiences or original content. Please cite your sources if/when following the #2 approach to contributing.
