1/37
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Security
Defined as the state of being secure and free from danger or harm, as well as the actions taken to achieve that state
Information Security
The protection of information assets (in storage, processing, or transmission) through the application of policy, education, and technology
Computer Security
The predecessor to information security, which began with the development of mainframes during WWII and focused primarily on physical security and simple document classification
The C.I.A. Triad & Characteristics of Information
Confidentiality
Ensures that only those with the necessary rights and privileges can access specific information, preventing unauthorized disclosure
Integrity
Assurance that information remains whole, complete, and uncorrupted by unauthorized modification or destruction
Availability
Enables authorized users (people or systems) to access information in the required format without interference or obstruction
Accuracy
Information is free from errors and has the value the end user expects
Authenticity
The state of information being genuine or original, appearing exactly as it was created or transferred
Utility
The quality of information having value for a specific end purpose
Possession
The quality of ownership or control over information, which is distinct from confidentiality (one can possess encrypted data without being able to read it
Components of an Information System (IS)
Software
Applications, operating systems, and utilities
Hardware
The physical technologies that house and execute software or store data.
Data
The most valuable asset; it includes items of fact like raw numbers and facts
People
Often considered the weakest link in the security chain as they design, develop, and use the systems
Procedures
Written instructions created to accomplish specific tasks
Networks
The "highway" through which data is passed between systems
Key Information Security Concepts
Asset
The organizational resource being protected, which can be logical (data, software) or physical (people, hardware)
Vulnerability
A potential weakness in an asset or its defensive control systems (e.g., a software flaw or an unlocked door)
Threat
Any object, person, or entity representing a constant danger to an asset
Threat Agent
The specific instance or component of a threat (e.g., a specific hacker or a lightning strike
Attack
An intentional or unintentional act that can damage or compromise information.
Exploit
A technique used by an attacker to compromise a system
Risk
The calculated probability that a threat will be realized against a vulnerability
Control/Safeguard
A security mechanism that detects, avoids, or minimizes damage to a protected asse
Organizational Roles
Chief Information Officer (CIO)
The senior technology officer responsible for strategic planning affecting information management
Chief Information Security Officer (CISO)
Primarily responsible for the assessment, management, and implementation of information security; usually reports to the CIO.
Data Owner
Senior management responsible for the security and use of a specific set of information
Data Custodian
Responsible for the storage, maintenance, and protection of information and systems
Data Trustee
Appointed by data owners to oversee management and coordinate with custodians for storage and protection
Implementation Approaches
Bottom-Up Approach
A grassroots effort where system administrators work to improve security at their level; it often lacks management support and organizational coordination
Top-Down Approach
Projects initiated by upper management and pushed down to all levels; this is generally more successful as it ensures funding, accountability, and organizational focus
Security Models
McCumber Cube
A 3x3x3 graphical representation of information security architecture covering the CIA triad, data states (Storage, Transmission, Processing), and safeguards (Policy, Education, Technology)