Information Assurance - The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
Five Pillars of Information Assurance
Availability
Integrity
Authentication
Confidentiality
Non-Repudiation
Information Security - is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
CIA TRIAD
Confidentiality
Integrity
Availability
Common Security Risks
Physical Security Risks
Insider Threats
Cybersecurity Risks
Social Engineering Attacks
PHYSICAL SECURITY RISKS
Tailgating
Theft of Documents
Unaccounted visitors
Stolen Identification
Cybersecurity risk - is the probability of exposure or loss resulting from a cyber-attack or data breach on your organization.
Stolen Identification - An access control system only works if everyone uses their own identification.
Unaccounted visitors - If you don’t know who is or was in your workplace at a specific time, it is impossible to keep a high level of physical security.
Theft of Documents - Offices are likely to have papers and documents lying around in many places, from desks to printer stations.
Tailgating - is when an unauthorized person follows an authorized person into a secure area.
Insider threats - refer to the risks posed by individuals within an organization who misuse their access privileges to compromise security.
Social engineering attacks - exploit human psychology to manipulate individuals into revealing sensitive information or performing actions against their best interests.
Physical security risks - involve potential threats to the physical assets of an organization, such as theft, vandalism, or unauthorized access.