Security is the state or outcome of protecting assets from danger through controls (also called safeguards or countermeasures). Assets are anything of value. Value is anything of importance, significance, or use.

Information Security is a discipline to protect information and information systems from threats through security controls to achieve the objectives of confidentiality, integrity, and availability, or CIA for short. Information is useful data; an information system is a system that converts data into information; a system is a collection of related elements that work together to achieve a common goal. A typical information system comprises such elements as data, computers, operating systems, software, networks, data centers, people, business processes, and so forth. Kindly be reminded that a CISSP is a Certified Information Systems Security Professional.

Risk is the effect of uncertainty on objectives. Risks with positive effects are opportunities, while negative effects are threats. Information Security, which not uncommonly emphasizes addressing threats more than opportunities, is a subdiscipline of risk management.

This post answers the Brain Burner Questions.