Info Sec: CIA Triad and Threats

Confidentiality: Protecting sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Integrity: Ensuring that data is accurate, complete, and not modified without authorization.
Availability: Ensuring that data is accessible and usable when needed.

Malware: Viruses, worms, Trojan horses, spyware, adware, and ransomware that compromise system security.
Phishing: Social engineering attacks that trick users into revealing sensitive information.
Denial of Service (DoS) and Distributed Denial of Service (DDoS): Overwhelming systems with traffic to make them unavailable.
Insider Threats: Threats from individuals with authorized access to systems or data.

Technical Controls: Firewalls, intrusion detection systems, encryption, and access controls.
Administrative Controls: Policies, procedures, and guidelines for information security.
Physical Controls: Security cameras, locks, and alarms to protect physical assets.

Risk Assessment: Identifying, analyzing, and prioritizing potential risks to information assets.
Risk Mitigation: Implementing controls to reduce or eliminate risks.
Risk Avoidance: Avoiding risk by not engaging in certain activities or investing in risk-reducing measures.
Risk Transfer: Transferring risk to another party, such as through insurance.

ISO 27001: International standard for information security management systems.
NIST Cybersecurity Framework: Framework for managing and reducing cybersecurity risk.
COBIT: Framework for information technology management and governance.

Incident Detection: Identifying potential security incidents.
Incident Containment: Isolating affected systems or data to prevent further damage.
Incident Eradication: Removing the root cause of the incident.
Incident Recovery: Restoring systems or data to a known good state.
Incident Post-Incident Activities: Documenting lessons learned and implementing improvements.

Confidentiality ensures sensitive information is protected from unauthorized access, use, disclosure, disruption, modification, or destruction.
Integrity ensures data is accurate, complete, and not modified without authorization, maintaining its trustworthiness and reliability.
Availability ensures data is accessible and usable when needed, with minimal downtime or disruption.

Malware encompasses various types of malicious software, including viruses, worms, Trojan horses, spyware, adware, and ransomware, which compromise system security.
Phishing involves social engineering attacks that trick users into revealing sensitive information, often through deceptive emails, messages, or websites.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks overwhelm systems with traffic, making them unavailable to users.
Insider Threats originate from individuals with authorized access to systems or data, posing a significant risk to information security.

Technical Controls include firewalls, intrusion detection systems, encryption, and access controls to secure systems and data.
Administrative Controls comprise policies, procedures, and guidelines for information security, providing a framework for security management.
Physical Controls consist of security cameras, locks, and alarms to protect physical assets and prevent unauthorized access.

Risk Assessment involves identifying, analyzing, and prioritizing potential risks to information assets, enabling proactive mitigation strategies.
Risk Mitigation implements controls to reduce or eliminate risks, minimizing the likelihood of security incidents.
Risk Avoidance involves avoiding risk by not engaging in certain activities or investing in risk-reducing measures, eliminating potential threats.
Risk Transfer involves transferring risk to another party, such as through insurance, shifting the burden of risk management.

ISO 27001 is an international standard for information security management systems, providing a framework for managing information security risks.
NIST Cybersecurity Framework offers a structured approach to managing and reducing cybersecurity risk, providing guidelines for risk assessment and mitigation.
COBIT is a framework for information technology management and governance, providing best practices for IT governance and management.

Incident Detection involves identifying potential security incidents, often through monitoring and alert systems.
Incident Containment isolates affected systems or data to prevent further damage, minimizing the spread of the incident.
Incident Eradication removes the root cause of the incident, eliminating the vulnerability or threat.
Incident Recovery restores systems or data to a known good state, ensuring business continuity and minimizing downtime.
Incident Post-Incident Activities involve documenting lessons learned and implementing improvements to prevent similar incidents in the future.