mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-24 13:24:05 -06:00
1.6 KiB
1.6 KiB
| title | aliases | tags | |
|---|---|---|---|
| 01-big-picture |
|
In the news
Why info sec
- more interconnected
- more exposure
- software devs need to know about security
- often security is an afterthought
- this is bad
- IS proatects the ability of an organisation to function
- also protects reputation
What is security
- protecting assets from harm or damage
- related concepts
- nation security (political security)
- safety (health)
- environmental security (clean environement)
- information security
- economic security (stability of ecomony)
What is information secuity
- focus of protecting information assets
- data, systems, equipment, infrastructure
- intentional and accidental risks
"The preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.” (ISO27000 Information Security Management Systems – Overview and Vocabulary)
Continuous need
- environment is rapidly changing
- innovation is rapid
- cloud computing
- more ICT capabilities introduce new attack vectors
Components of Info systems
can all be sources of attacks
- data
- e.g., bank: unauthorised acces to data
- people
- e.g., social engineering
- hardware
- e.g., physical security (usually)
- software
- e.g., most common
- netowrk
- e.g., lost os possibilities for attack
- procedures
- e.g., back: inside knowledge of faults within the business, that can be exploited
CIA Triad
- Confidentiality
- Availability
- Integ