Resource: Fundamentals of Information Security Systems: David Kim and Michael Solomon
What is Information Security?
A collection of activities to protect IT systems and the data stored in them.
- Internet: Over 2 billion users worldwide, connected via the World Wide Web.
- Cybersecurity: Role of a government to ensure national security.
- Data / Information Security: Role of an organisation or individual to protect their data / assets.
Risks, Threats and Vulnerabilities:
- Risk: Likelihood of something bad occurring and affecting a system or asset (Examples: losing data, non-compliance with laws, losing business).
- Threat: Any action which could damage an asset, both synthetic and natural (e.g. malicious exploits, flood damage, etc.). Organisations should have a business continuity plan (BCP) and disaster recovery plan (DRP) in place in the event of a threat taking hold.
- Vulnerabilities: A weakness in a system, allowing a threat to be realised. Vulnerabilities often result in legal action, which is why software developers cover themselves with end-user license agreements (EULAs).
What is being protected?
- Privacy Data of Individuals (e.g. DoB, Address, Banking Details, Social Security, Utilities)
- Corporate Intellectual Property (Trade secrets, product development, copyright/patents, reputation)
- Online Transactions
- Government (Security, Trade, Military Strategy)
What forms a ‘Network’?
- Physical Networks
- Operating Systems
- Specific Applications
- Users / Staff