CIA Triad Flashcards
Is cybersecurity a subset of information security?
Whether cyber security is a subset of information security (or vice versa), or if they’re the same thing, has been the source of much debate.
While information security and cyber security are used interchangeably, the two can play quite different roles.
Where does cybersecurity focus?
Cyber security focuses exclusively on the technical and digital aspects of security.
What is information security?
Information security is the practice of protecting information in both its physical and digital forms. Similar to cyber security, it involves preventing (or reducing the likelihood of) unauthorised access to, use of, and destruction of information, as well as unauthorised disclosure and disruption to access.
Infosec?
Information security
What is an information system?
An information system is an umbrella term that describes a system (or set of components and processes) used for collecting, creating, processing, storing and distributing information within an organisation. Everything from physical hard drives to your office manager can be components in an information system.
Who protects information systems?
Information systems also fall under the protection of infosec.
Information security vs cyber security
Infosec is focused on protecting the confidentiality, integrity and availability of data. This model, known as the CIA triad, often crosses over into cyber security. Unlike cyber security, however, infosec is also concerned with protecting information from environmental disasters and physical theft (paper documents, hard drives, etc.).
What is infosec governed by?
Infosec is governed by nonrepudiation, authenticity and accountability.
Nonrepudiation?
Nonrepudiation is a concept used to provide assurance that something is undeniably valid, or that some action cannot be denied.
In IT, logging can be used for nonrepudiation, showing for certain that an email was sent and received.
Authenticity?
Authenticity is verifying that a user is who they say they are and that information has travelled via trusted sources.
Accountability?
Accountability means you can trace the actions of your parcel to each entity it visited. The entities your parcel visits should be unique and authorised to handle your parcel as it makes its way through the network. If something goes wrong with your delivery, the post office will (or should) be able to follow its route and find out who’s accountable.
Laws
GDPR (EU)
Payment Card Industry Data Security Standard (PCI DSS)
Health Insurance Portability and Accountability Act (HIPAA)
Computer Misuse Act 1990 (UK)
Data Protection Act (UK)