Module 3 - Information Security Flashcards
What are the 3 values of the CIA Triad?
Confidentiality, Integrity and Availability
What is Confidentiality?
Property that information is not made available or disclosed to unauthorised individuals, entities or processes
What is Integrity?
Property of accuracy and completeness: the information has not been tampered with and nothing is missing
What is Availability?
Property of being accessible and usable upon demand by an authorised entity
What is the difference between Cyber Security and Information Security?
Cyber security focuses on protecting digital assets; Information Security aims to protect all information assets, including non-digital ones such as hard copies
What are Certification Bodies?
Bodies that are authorised to certify other orgs' ISO accreditation.
Certification Bodies are themselves certified by National Accreditation Bodies to carry out ISO audit/certification etc.
What is required to become ISO 27001 certified?
The org must demonstrate conformity to the ISO 27001 Standard by undergoing an external audit from a Certification Body, which verifies that conformity
What are the two stages of an ISO 27001 audit?
Stage 1 – Intent Audit
Stage 2 – Implementation Audit
What is reviewed during an Intent Audit?
Examines the ISMS for compliance with ISO 27001; it looks at:
- Policy
- Scope
- Risk Assessment
- Risk Management
- Selection of controls
- SoA (Statement of Applicability)
What is reviewed during an Implementation Audit?
- Examine and close findings from Stage 1
- Audit sample to verify implementation of ISMS
- Auditor highlights any major and minor non-conformities
- Corrective action is required within 3 months
- Major non-conformities will need to be evidenced as addressed
How long will an org have to correct non-conformities highlighted during a Stage 2 audit?
3 months
How often will surveillance by a Certification Body continue after an org has been certified?
Usually annually or every 6 months