Principle of Information Security: Module 1 Introduction to Information Security (Part 5)

Knowledge check activity 1:

What is security?

A. Freedom from fear

B. Protection from loss

C. Keeping secrets

D. Being secure and free from danger

The answer is D. Being secure and free from danger.

Only this answer is complete. Fear has little to do with security; many are fearful even when secure. Security does not mean losses cannot occur, just that they are planned for and survivable. Confidentiality (secrets) is just one of the three key aspects of security.

Components of information security include computer security, data security, and network security.


The CIA triad has been the industry standard for computer security since the development of the mainframe; the standard is based on three characteristics that describe the attributes of information that are important to protect: confidentiality, integrity, and availability.


Some key terms to remember:

Access - a subject or object’s ability to use, manipulate, modify, or affect another subject or object.

Asset - the organizational resource that is being protected.

Attack - an intentional or unintentional act that can damage or otherwise compromise information and the systems that support it.

Control, safeguard, or countermeasure - security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve security within an organization.

Exploit - a technique used to compromise a system.

Exposure - a condition or state of being exposed.

Loss - a single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use.

Protection profile or security posture - the entire set of controls and safeguards that the organization implements to protect the asset.

Risk - the probability of an unwanted occurrence.

Subjects and objects - a computer can be either an agent entity used to conduct an attack or the target entity.

Threat agent - the specific instance or a component of a threat.

Threat source - a category of objects, people, or other entities that represents a danger to an asset.

Vulnerability - weaknesses or faults in a system or protection mechanism that expose information to attack or damage.


