BASICS Flashcards
Information
any difference that makes a difference to a conscious human mind.
it is whatever appears significant to a human being, whether originating from an external environment or the internal world
information flow
-> occurs when a subject (user / entity acting on behalf of the user) accesses information
-> accessing my online banking account
Data
are symbols that represent properties of objects, events and their environment.
they are products of observations
IT System
closed or open dynamic technical system with the ability to store and process information
IT systems are used by individuals with different knowledge and for different purposes
information security
refers to the protection of the CIA of information assets, whether in storage, processing or transmission, via the application of policies, education, training, awareness and technology
is about protecting information in general, whether stored on paper, in someone’s head or within IT systems
information security
protecting information in general, whether stored on paper, within IT systems or in someone’s head
IT security
as part of information security is concerned primarily with protection of data and information that are stored and processed electronically
cybersecurity
spans all aspects of IT security and extends into the whole cyberspace
-> including internet-based IT infrastructures, communication, applications and other processes and structures
CIA triad
confidentiality: ensures that only individuals with rights, privileges and need to access information are able to do so
integrity: is maintained when information is in its expected state and is not manipulated unnoticeably or without authorization
availability: enables authorized users to access information they need without interference or obstruction
authenticity: information or data is genuine or original rather than reproduced or fabricated
accountability: ensuring all actions on a system can be attributed to an authenticated identity
information security management
-> overarching goal of ISM is to protect an organization (know-how, customer or employee data, operations)
six Ps of ISM
Planning: design, create, implement information security strategies, overall goal is to create plans that support long term achievement of overall org. strategy
policy: development of different types of information security policies
programs: programs operationalize information sec. str. such as SETA programs or customer privacy programs
protection: set of risk management activities and protection mechanisms, technologies, and tools
people: encompasses security personnel, the security of personnel, and other people oriented measures
projects: implementing specific security measures should be managed as projects to ensure proper resource alloc. and goal achievement
information privacy
requirement
refers to the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others
- IP requires data protection, which describes the property of a system to hinder unauthorized access to data within the system
- IS is necessary but not a sufficient condition for IP
(data well protected but internal decision how to use it for own benefit)
Difference Data / Information
-> Data: Observations with respect to objects, events, and their environment; they possess neither meaning nor value
-> Information: Data that have been organized in a way that they carry meaning and value for a person (context-dependent)
IT-Management vs Information Security MGMT
-> in contrast: IT management ensures the effective and efficient processing of information with respect to the goals of a company
-> conflict of interest: ensuring information security may hinder effective and efficient information processing (security goals slow down processes)