Overview of Information Security Management: Chapters 1-5

Information Security (InfoSec)

Protecting information through confidentiality, integrity, and availability.

C.I.A Triad

Confidentiality, Integrity, and Availability in information security.

CNSS Security Model

Three dimensions: people, technology, and operations.

Software Attacks

Malicious actions targeting software vulnerabilities.

Cryptographic Sins

Weak password systems compromising security.

POLC Management Theory

Planning, Organizing, Leading, and Controlling principles.

The Six Ps

Planning, Policy, Programs, Protection, People, Project management.

Ethics

Philosophy of moral judgment and conduct.

Meta-Ethics

Study of the nature of ethical properties.

PC! DSS

Payment Card Industry Data Security Standards compliance.

Digital Forensics

Process of analyzing digital media for evidence.

Stakeholder

Person or organization with vested interest.

IDEAL Model

Governance framework for strategic planning.

CGTF Framework

Defines board and executive responsibilities in governance.

Risk Management

Identifying, assessing, and evaluating organizational risks.

Enterprise Information Security Policy (EISP)

High-level policy governing overall information security.

Issue-Specific Security Policies (ISSP)

Policies addressing specific security issues.

System-Specific Security Policies (SysSP)

Policies tailored for specific systems or applications.

Security Program

Structure to manage risks to information assets.

CISSP Domains

Key areas of knowledge for CISSP certification.

NICE Cybersecurity Framework

Focuses on seven security work domains.

Work Breakdown Structure (WBS)

Decomposing project deliverables into manageable components.

Project Management

Applying skills and techniques to meet project goals.