Information Security Management Principles_learner_stats_20121120 Flashcards
Information Security - Confidentiality
The property that information is not made available or disclosed to unauthorised individuals, entities or processes (ISO 13335)
Information Security - Integrity
The property of safeguarding the accuracy and completeness of assets (ISO 13335)
Information Security - Availability
The property of being accessible and usable upon demand by an authorised entity (ISO 13335)
Assets & Asset Types - Asset Definition
Anything that has value to the organisation, its business operations and its continuity (ISO 13335)
Assets & Asset Types - 3 Main Asset Types
Pure Information, Physical Assets, Software
Assets & Asset Types - Pure Information Definition
Information in whatever format
Assets & Asset Types - Physical Assets Definition
Buildings, Computer Systems
Assets & Asset Types - Software Definition
Software used to process or manage information
Threat, Vulnerability, Risk & Impact - Threat Definition
A potential cause of an incident that may result in harm to a system or organisation (ISO 13335)
Threat, Vulnerability, Risk & Impact - Vulnerability Definition
A weakness of an asset or group of assets that can be exploited by one or more threats (ISO 13335)
Threat, Vulnerability, Risk & Impact - Risk Definition
The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation (ISO 13335)
Threat, Vulnerability, Risk & Impact - Impact Definition
The result of an Information Security Incident, caused by a threat, which affects assets (ISO 13335)
Information Security Policy Concepts - Information Assurance Control Definition
Controls in the Information Assurance sense are those activities that are taken to manage the risks identified. There are 4 main types of control.
Information Security Policy Concepts - The Types of Information Assurance Controls are:
Eliminate Risk, Reduce Risk, Transfer Risk & Accept Risk.
Information Security Policy Concepts - Define Information Assurance Control: Eliminate Definition
Eliminate: Risk avoidance - decision not to be involved in, or action to withdraw from a risk situation (ISO Guide 73)
Information Security Policy Concepts - Define Information Assurance Control: Reduce Definition
Reduce: Risk reduction - action taken to lessen the probability or the negative consequences or both, associated with risk (ISO Guide 73)
Information Security Policy Concepts - Define Information Assurance Control: Transfer Definition
Transfer: Risk Transfer - Sharing with another party the burden of loss or benefit of gain for a risk (ISO Guide 73)
Information Security Policy Concepts - Define Information Assurance Control: Accept Definition
Accept: Risk Acceptance - Decision to accept a risk (ISO Guide 73)
Identity, Authentication and Authorisation - Define Identity
Identity: The properties of an individual or resource that can be used to identify uniquely one individual or resource (Authors)
Identity, Authentication and Authorisation - Define Authentication
Authentication: Ensuring that the identity of a subject or resource is the one claimed (Derived from Authenticity in ISO 13335)
Identity, Authentication and Authorisation - Define Authorisation
The process of checking the authentication of an individual or resource to establish and confirm their authorised use of or access to information or other assets (Authors)
Accountability, Audit & Compliance - Define Accountability
Accountability: The responsibility for actions and processes (Authors)
Accountability, Audit & Compliance - Define Audit
Audit: Formal review of actions, processes, policies and procedures (Authors)
Accountability, Audit & Compliance - Define Compliance
Compliance: Working in accordance with actions, processes, policies and procedures laid down without necessarily having independent reviews (Authors)