InfoSec 101

InformationSystem

Security is the state or outcome of protecting assets from danger through controls (also called safeguards or countermeasures). Assets are anything of value. Value is anything of importance, significance, or use.

Information Security is a discipline to protect information and information systems from threats through security controls to achieve the objectives of confidentiality, integrity, and availability, or CIA for short. Information is useful data; an information system is a system that converts data into information; a system is a collection of related elements that work together to achieve a common goal. A typical information system comprises such elements as data, computers, operating systems, software, networks, data centers, people, business processes, and so forth. Kindly be reminded that a CISSP is a Certified Information Systems Security Professional.

Risk is the effect of uncertainty on objectives. Risks with positive effects are opportunities, while negative effects are threats. Information Security, which not uncommonly emphasizes addressing threats more than opportunities, is a subdiscipline of risk management.

This post answers the Brain Burner Questions.

2 thoughts on “InfoSec 101

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s