IAS-Key-Pointers-to-review.docx
### **Week 1: Introduction to Information and Information Security**

- **Information:** The meaning conveyed by symbols; the symbols may be alphabetic, numeric, genetic sequences, physical, or logical.
- **Information Theory:** Developed by Claude Shannon in the 1940s; concerned with measuring information (how much information a message carries, independent of what it means).
- **Aspects of Information:** Accuracy, timeliness, contextual relevance, and purposefulness.
- **Security:** The state of being free from danger; applies to physical as well as logical (digital) settings.
- **Information Security:** Protects information from unauthorized access, use, disclosure, modification, or destruction.
- **Key Areas in Information Security:** Operation, analysis, and testing of secure systems.
- **Read and Watch:**
  - Coursera lecture on information security.
  - Wikipedia articles on Information Security and the History of Information Theory.

### **Week 2: CIA Triad - Confidentiality, Integrity, and Availability**

- **Confidentiality:** Only authorized users can access (read) information.
- **Integrity:** Information stays accurate and complete; unauthorized or undetected modification is prevented.
- **Availability:** Information, and the systems holding it, are accessible to authorized users when needed.
- **Authentication and Authorization:** Authentication verifies who a user is; authorization decides what an authenticated user is allowed to access.
- **Cryptography:** Provides confidentiality (encryption hides information) and integrity (hashes, MACs, and digital signatures detect modification).
- **Nonrepudiation:** The originator of an action or message cannot later deny it; in practice this needs a digital signature made with a key only the originator holds, not a key shared with the verifier.
- **Threats, mapped to the triad:** Denial of Service (DoS) attacks and system failures threaten availability; unauthorized data access or modification threatens confidentiality and integrity.
- **Read:** JSTOR paper on the CIA Triad and "The CIA Triad" by Chad Perrin.

### **Week 3: RMIAS Model and Information Assurance**

- **RMIAS Model:** The Reference Model of Information Assurance and Security; covers a broader scope than the CIA Triad.
- **Information Assurance:** Focuses on reducing risk to information, emphasizing defensive measures and cost-effectiveness.
- **RMIAS Dimensions:**
  - **Security Development Life Cycle:** Development, deployment, refinement, and retirement of information systems.
  - **Information Taxonomy:** Describes information by its form, state, sensitivity, and location.
  - **Security Goals:** Expands the CIA Triad with accountability, privacy, and nonrepudiation (the full model also lists authenticity and trustworthiness, and auditability, for eight goals in total).
  - **Security Countermeasures:** Techniques used to achieve the security goals, chosen with regard to cost-effectiveness and business needs.
- **Read:** Outline of the RMIAS model.

### **Week 4: Introduction to Cybersecurity**

- **Cybersecurity:** Defends computers, networks, and data from malicious attacks.
- **Key Categories:**
  - **Network Security:** Securing computer networks against intruders.
  - **Application Security:** Protecting software and devices from threats.
  - **Information Security:** Safeguarding the integrity and privacy of data.
  - **Operational Security:** The processes and decisions for handling and protecting data assets.
  - **Disaster Recovery and Business Continuity:** Plans for responding to incidents and restoring operations.
  - **End-User Education:** Training users to recognize security threats.
- **Types of Cyber Threats:** Malware, SQL injection, phishing, man-in-the-middle attacks, and denial-of-service attacks.
- **Recent Cyber Threats:** Dridex malware (a banking trojan), romance scams, and Emotet malware.
- **Cyber Safety Tips:** Keep software updated, use antivirus, use strong passwords, do not open attachments from unknown senders, and secure Wi-Fi networks.
- **Read:** ACM JTF's definition of cybersecurity and the nine knowledge areas.

### **Week 5: Security Governance and Policies**

- **Security Governance:** The set of responsibilities and practices exercised by executive management to provide strategic direction, ensure objectives are achieved, and manage risk.
- **Information Security Governance:** A subset of governance focused on the performance and risk management of information security.
- **Security Policy Categories:**
  - **Regulatory:** Ensures compliance with industry or legal regulations.
  - **Advisory:** Strongly advises employee behaviour; non-compliance carries consequences.
  - **Informative:** Educates employees about a topic; not itself enforceable.
- **Security Policy Types:** Organizational (program), issue-specific, and system-specific.
- **Standards:** Mandatory rules and activities that support policies (for example, which technologies or configurations must be used).
- **Procedures:** Step-by-step instructions for achieving security goals, detailing how policies and standards are implemented.
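Week 1 above mentions Shannon's information theory as the basis for measuring information. The following is an added example, not part of the course notes, showing the measurement security engineers actually use day to day: Shannon entropy in bits per byte, and a window scan over a buffer that flags regions whose entropy suggests encrypted or compressed content. The window size, the 7.2 bits/byte threshold, and all sample inputs are constructed assumptions for the example.

```python
"""Shannon entropy as a practical information-measurement tool.

Added example (not from the course notes). All inputs below are constructed.
"""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Return H = -sum(p_i * log2(p_i)) over byte values, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 256, threshold: float = 7.2) -> list:
    """Offsets of fixed-size, non-overlapping windows whose entropy exceeds `threshold`.

    Assumption: encrypted or compressed data approaches 8 bits/byte while plain
    text sits around 4-5, so a window above ~7.2 is a reasonable flag for
    opaque content (a packed section, an embedded key blob, exfiltration data).
    """
    return [
        off
        for off in range(0, len(data) - window + 1, window)
        if shannon_entropy(data[off:off + window]) > threshold
    ]


# Constructed sample: low-entropy padding around a block in which every byte
# value appears equally often, which reaches the 8-bit maximum and stands in
# for an encrypted blob.
SAMPLE = b"A" * 512 + bytes(range(256)) * 2 + b"B" * 512

if __name__ == "__main__":
    for label, blob in [
        ("constant", b"\x00" * 64),
        ("two symbols", b"ab" * 32),
        ("english", b"the quick brown fox jumps over the lazy dog"),
        ("all 256 values", bytes(range(256))),
    ]:
        print(f"{label:15s} {shannon_entropy(blob):.3f} bits/byte")
    print("high-entropy windows at offsets:", high_entropy_regions(SAMPLE))
```

Entropy is a measure of the symbol distribution, not of secrecy: a buffer of random-looking bytes scores 8 whether it is ciphertext, a compressed archive, or a PRNG stream, so the scan is a triage signal rather than proof of encryption.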
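Week 2 above lists integrity and nonrepudiation side by side, and the distinction between them is the point students most often miss. The following is an added example, not part of the course notes, using only Python's standard library: an HMAC gives the receiver integrity (any tampering is detected), yet the same shared key lets the receiver forge a tag the sender never produced, so a MAC cannot give nonrepudiation. The key, message contents, and function names are constructed assumptions for the example.

```python
"""Integrity via a MAC, and why a MAC alone does not give nonrepudiation.

Added example (not from the course notes). Key and messages are constructed.
"""
import hashlib
import hmac
import secrets


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over `message` under the shared `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so checking a tag does not leak timing information."""
    return hmac.compare_digest(mac(key, message), tag)


def integrity_demo(key: bytes) -> dict:
    """Integrity: the receiver detects any change to a tagged message."""
    order = b"transfer 100 to account 42"          # constructed message
    tag = mac(key, order)
    tampered = order.replace(b"100", b"900")       # attacker edits the amount in transit
    return {
        "genuine_accepted": verify(key, order, tag),
        "tampered_rejected": not verify(key, tampered, tag),
    }


def verifier_can_forge(key: bytes) -> bool:
    """Nonrepudiation gap: whoever can verify a MAC can also produce one.

    The receiver holds the same key as the sender, so it can mint a valid tag
    on a message the sender never wrote. A third party cannot tell the two
    apart, which is why nonrepudiation needs an asymmetric signature, where
    only the sender holds the signing key.
    """
    forged = b"transfer 999 to account 13"         # never sent by the sender
    return verify(key, forged, mac(key, forged))


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)           # one key known to both parties
    print(integrity_demo(shared_key))
    print("receiver forged a valid tag:", verifier_can_forge(shared_key))
```

The takeaway for the triad: a MAC covers integrity (and authenticity between the two key holders) but says nothing about confidentiality, which needs encryption, and nothing about nonrepudiation, which needs a private signing key that the verifier does not possess.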