Information Security Chapter 1 PDF
Miss Asma Amjad
Summary
This chapter provides an introduction to information security, defining key concepts such as access, assets, attacks, and vulnerabilities. It explains how organizations can protect information resources by combining technology with security policies, training, and awareness programs. The document also addresses the importance of minimizing risk to match an organization's risk appetite.
Full Transcript
INFORMATION SECURITY
Chapter 1
Instructor: Miss Asma Amjad

What Is Security?
◦ A state of being secure and free from danger or harm; also, the actions taken to make someone or something secure.
◦ The ultimate objective of security is protection from opponents or enemies: those who would do harm, whether intentionally or unintentionally.

Key Information Security Concepts
◦ Access: A subject's or object's ability to use, manipulate, modify, or affect another subject or object. Access controls regulate this ability.
◦ Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, software, information, or data; or physical, such as a person, computer system, hardware, or other tangible object.
◦ Attack: An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.
◦ Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.
◦ Exploit: A technique used to compromise a system. The term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
◦ Risk: The probability of an unwanted occurrence, such as an adverse event or loss. Organizations must reduce risk to a level that matches their risk appetite, the quantity and nature of risk they are willing to accept.
◦ Threat: Any event or circumstance that has the potential to adversely affect operations and assets.
◦ Threat agent: A specific instance or component of a threat. For example, Kevin Mitnick, who was convicted of hacking into phone systems, is a specific threat agent; a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat source known as "acts of God/acts of nature."
◦ Vulnerability: A potential weakness in an asset or its defensive control system(s), such as a flaw in a software package, an unprotected system port, or an unlocked door.

What Is Information Security?
◦ The information system, that is, the entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization, is what information security protects.
◦ Information security focuses on the protection of information, including its confidentiality, integrity, and availability.
◦ Information security also includes a variety of protection mechanisms, such as policy, awareness programs, training, and technology.
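The concepts above (subject, object, access control, vulnerability, control) fit together in a small reference monitor. The following is an added example, not part of the original slides: a deny-by-default access control list, an audit that flags wildcard grants (the configuration equivalent of an unprotected port or unlocked door), and a countermeasure that removes them. All subject, object, and permission names are constructed for illustration.

```python
"""Minimal reference monitor illustrating access, access controls,
vulnerabilities, and countermeasures. Added example; every name below is
constructed for illustration and is not taken from the slides."""
from dataclasses import dataclass, field

# A subject is an active entity (user, process); an object is a passive asset
# (file, database, service). Actions are what the subject wants to do.
ACTIONS = {"read", "write", "execute"}
ANY = "*"  # wildcard subject: matches every subject, so must be granted with care


@dataclass
class AccessControlList:
    # object -> subject -> set of permitted actions
    entries: dict = field(default_factory=dict)

    def grant(self, obj, subject, *actions):
        """Record that `subject` may perform `actions` on `obj`."""
        unknown = set(actions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown action(s): {sorted(unknown)}")
        self.entries.setdefault(obj, {}).setdefault(subject, set()).update(actions)

    def is_allowed(self, subject, obj, action):
        """Deny by default: access is permitted only if an explicit entry
        (for this subject or for the wildcard subject) grants the action."""
        perms = self.entries.get(obj, {})
        return action in perms.get(subject, set()) or action in perms.get(ANY, set())

    def find_open_doors(self):
        """Audit control: list objects that any subject may modify or execute.
        A wildcard write/execute grant is the configuration equivalent of an
        unprotected system port or an unlocked door."""
        findings = []
        for obj, subjects in self.entries.items():
            risky = subjects.get(ANY, set()) & {"write", "execute"}
            if risky:
                findings.append((obj, sorted(risky)))
        return sorted(findings)


def build_example_acl():
    """Constructed sample policy containing one intentional vulnerability."""
    acl = AccessControlList()
    acl.grant("payroll.db", "hr_app", "read", "write")
    acl.grant("payroll.db", "auditor", "read")
    acl.grant("public_site", ANY, "read")            # intended: the site is public
    acl.grant("deploy.sh", ANY, "write", "execute")  # vulnerability: anyone can alter and run it
    return acl


def remediate(acl):
    """Countermeasure: strip wildcard write/execute grants while keeping
    wildcard read (public content stays public)."""
    for subjects in acl.entries.values():
        if ANY in subjects:
            subjects[ANY] -= {"write", "execute"}
    return acl


if __name__ == "__main__":
    acl = build_example_acl()
    print("open doors before remediation:", acl.find_open_doors())
    remediate(acl)
    print("open doors after remediation:", acl.find_open_doors())
```

The audit function is the "control" in the chapter's vocabulary: it does not stop an attack by itself, but it resolves a vulnerability before a threat agent can exploit it, and the deny-by-default check in `is_allowed` keeps a missing entry from silently becoming an open door.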