Security 1

Cards (43)

  • Information security
    A "well-informed sense of assurance that the information risks and controls are in balance."
  • History of information security
    1. 1960s: ARPA examined the feasibility of redundant networked communications; ARPANET is the predecessor of the Internet
    2. 1970s and 80s: Fundamental problems with ARPANET security are identified, and the study of computer security begins
    3. 1990s: The Internet becomes the first manifestation of a global network of networks; security is treated as a low priority
    4. 2000s: Much communication remains unsecured; the growing threat of cyber attacks increases the need for improved security
    5. Present: The Internet has brought millions of unsecured computer networks into communication with each other
  • Security
    The quality or state of being secure—to be free from danger
  • Layers of security
    • Physical security
    • Personal security
    • Operations security
    • Communications security
    • Network security
    • Information security
  • Information security
    The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
  • Necessary tools for information security
    • Policy
    • Awareness
    • Training
    • Education
    • Technology
  • C.I.A. triangle
    Standard based on confidentiality, integrity, and availability
  • Key information security concepts
    • Access
    • Asset
    • Attack
    • Control, Safeguard, or Countermeasure
    • Exploit
    • Exposure
    • Loss
    • Protection Profile or Security Posture
    • Risk
    • Subjects and Objects
    • Threat
    • Threat Agent
    • Vulnerability
  • Access
    A subject or object's ability to use, manipulate, modify, or affect another subject or object
  • Asset
    The organizational resource that is being protected
  • Attack
    An act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it
  • Control, Safeguard, or Countermeasure
    Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization
  • Exploit
    To take advantage of a weakness or vulnerability in a system
  • Exposure
    A single instance of being open to damage
  • Hack
    Good: to use computers or systems for enjoyment; Bad: to illegally gain access to a computer or system
  • Object
    A passive entity in the information system that receives or contains information
  • Risk
    The probability that something unwanted will happen
  • Security Blueprint
    The plan for the implementation of new security measures in the organization
  • Security Model
    A collection of specific security rules that represents the implementation of a security policy
  • Security Posture or Security Profile
    A general label for the combination of all policies, procedures, technologies, and programs that make up the total security effort currently in place
  • Subject
    An active entity that interacts with an information system and causes information to move through the system for a specific end purpose
  • Threat
    A category of objects, persons, or other entities that represents a potential danger to an asset
  • Threat Agent
    A specific instance or component of a more general threat
  • Vulnerability
    Weaknesses or faults in a system or protection mechanism that expose information to attack or damage
  • A computer can be the subject or object of an attack
  • Critical characteristics of information
    • Availability
    • Accuracy
    • Authenticity
    • Confidentiality
    • Integrity
    • Utility
    • Possession
  • Availability
    Enables users who need to access information to do so without interference or obstruction and in the required format
  • Accuracy
    Free from mistake or error and having the value that the end user expects
  • Authenticity
    The quality or state of being genuine or original, rather than a reproduction or fabrication
  • Confidentiality
    The quality or state of preventing disclosure or exposure to unauthorized individuals or systems
  • Integrity
    The quality or state of being whole, complete, and uncorrupted
  • Utility
    The quality or state of having value for some purpose or end
  • Possession
    The quality or state of having ownership or control of some object or item
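    Integrity and authenticity are easy to conflate. The following added example (not part of the original card set) shows the difference in code: an unkeyed hash tells you whether a record is still whole and uncorrupted (integrity), but anyone who alters the record can simply recompute that hash, so it says nothing about whether the record is genuine. A keyed tag (HMAC) under a secret the attacker does not hold is what establishes authenticity. The order record and the shared key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample record (not from the page): an order that must stay whole
# (integrity) and must provably come from the issuing party (authenticity).
ORDER = b"order_id=1042;item=widget;qty=3;ship_to=warehouse-7"
# Hypothetical shared secret; a real deployment would load it from a key store.
SHARED_KEY = secrets.token_bytes(32)


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: detects corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, digest: str) -> bool:
    """Integrity check: is the data still whole, complete and uncorrupted?"""
    return hmac.compare_digest(plain_digest(data), digest)


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authenticity_ok(key: bytes, data: bytes, tag: str) -> bool:
    """Authenticity check: was the data produced by a holder of `key`?"""
    return hmac.compare_digest(keyed_tag(key, data), tag)


def forge_with_plain_hash(tampered: bytes) -> tuple[bytes, str]:
    """An attacker who rewrites the order just recomputes the unkeyed hash."""
    return tampered, plain_digest(tampered)


def demo() -> dict:
    digest = plain_digest(ORDER)
    tag = keyed_tag(SHARED_KEY, ORDER)

    # Accidental corruption (a changed byte in transit): both checks catch it.
    corrupted = ORDER.replace(b"qty=3", b"qty=8")
    # Deliberate fabrication: the attacker rewrites the order *and* its hash.
    forged, forged_digest = forge_with_plain_hash(ORDER.replace(b"qty=3", b"qty=300"))

    return {
        "original_integrity": integrity_ok(ORDER, digest),
        "original_authenticity": authenticity_ok(SHARED_KEY, ORDER, tag),
        "corrupted_integrity": integrity_ok(corrupted, digest),
        "corrupted_authenticity": authenticity_ok(SHARED_KEY, corrupted, tag),
        # The recomputed hash matches the forged record: integrity alone is fooled.
        "forged_passes_integrity": integrity_ok(forged, forged_digest),
        # Without SHARED_KEY the attacker cannot mint a tag, so the old tag fails.
        "forged_passes_authenticity": authenticity_ok(SHARED_KEY, forged, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    The practical rule this illustrates: a checksum or hash alone protects against accidents, not adversaries. Whenever a record must be genuine and not merely intact, bind it to a key (a MAC or a digital signature) and compare tags in constant time, as `hmac.compare_digest` does.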
  • Components of an information system
    • Software
    • Hardware
    • Data
    • People
    • Procedures
    • Networks
  • It is impossible to obtain perfect security
  • Security should be considered a balance between protection and availability
  • Security professionals in an organization
    • Senior management
    • Information security project team
  • Chief Information Officer (CIO)
    The senior technology officer, primarily responsible for advising the Chief Executive Officer, President, or company owner on the strategic planning that affects the management of information in the organization
  • Chief Information Security Officer (CISO)
    The individual primarily responsible for the assessment, management, and implementation of securing the information in the organization
  • Information security project team members
    • Champion
    • Team leader
    • Security policy developers
    • Risk assessment specialists
    • Security professionals
    • Systems administrators
    • End users