Hi to all.
This is my first post. I will be posting similar information in the security forum to help those who want to learn more about these topics.
This information was taken from the official study material for the H12 722 certification, so all rights for the images and text are the property of #HUAWEI.
BASIC INFORMATION SECURITY KNOWLEDGE
Basic Information Security Concepts

This picture represents the ISO 27001 main concepts of security.
· Information security protects information and information systems, prevents unauthorized access, use, leakage, interruption, modification and damage, and ensures confidentiality, integrity and availability of the information (a.k.a. CIA).
· Ensuring CIA for key assets is the core objective of information security. All security control mechanisms and protection measures are provided to ensure one or more of the CIA goals.
Major Information Security Risks
· Information security is threatened by many factors, and each factor has a different impact on information CIA. For example, if a hard disk of a computer is faulty, data stored on the hard disk is lost. This means that data integrity is affected. Users cannot access the data when needed. This means that data availability is damaged. When the hard disk is sent to a third party for repair, data on the hard disk may be copied by the third party and released to a competitor. This means that data confidentiality is compromised.

Information Security Capabilities
· Let’s see the following figure:

· To ensure information security, comprehensively consider personnel and management, technologies and products, as well as processes and systems. The information security management system is the interaction between personnel, management and technology.
· Among current security factors, security management capabilities are critical. With the help of security management strategies and policies, related technical means can be used to improve security capabilities.
· Security capabilities are classified into the following:
§ Protection: take measures to ensure the CIA, controllability, and reliability of the information.
§ Detection: detect possible vulnerabilities of the system.
§ Response: recover system functions and provide processes to handle events that threaten security in a timely manner, prevent the spread of risk, and ensure that systems can provide normal services.
The information finishes here. If this post was useful to you, do not forget to share and click on the ♥.

