Security

What is Security?

• Business management tool that ensures reliability and protection of IT/IS.
• Exists to support the organization's objectives, mission, and goals. Thus, it is an element of business management rather than only an IT concern.

3 Common Types of Security Evaluation

• Risk Assessment
  • identifying assets, threats, and vulnerabilities to calculate risk
• Vulnerability Assessment
  • uses automated tools to locate known security weaknesses, which can be addressed by adding more defenses or adjusting the current protections
• Penetration Testing
  • Penetration testing uses trusted teams to stress-test the security infrastructure to find issues that may not be discovered by the prior two means and to find those concerns before an adversary takes advantage of them

5 Pillars of Information Security

CIA Triad

The CIA Triad are often perceived as the primary goals and objectives of a security infrastructure.

1. Confidentiality
2. Integrity
3. Availability

Others

4. Authenticity
5. Nonrepudiation

References

Chapple, M., Stewart, J. M., & Gibson, D. (2024). ISC2 CISSP Certified Information Systems Security Professional Official Study Guide. SYBEX, a Wiley Brand.