What is information security?
Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction
What is Information System Security?
Act of protecting the systems that hold and process the critical data
C.I.A.
Confidentiality, Integrity, Availability
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization
Integrity
Data remains accurate and unaltered unless modification is required
Availability
Information and resources are accessible and functional when needed by authorized users
Non-repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved
Pentagon C.I.A.N.A
Confidentiality, Integrity, Availability, Non-repudiation, Authentication
AAA Security
Authentication, Authorization, Accounting
Authentication
Process of verifying the identity of a user or system
Authorization
Defines what actions or resources a user can access
Accounting
Act of tracking user activities and resource usage, typically for audit or billing purposes
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the CIA (confidentiality, integrity, and availability) of information systems and data
What are the types of Security Controls?
Preventative, Deterrent, Detective, Corrective, Compensating, Directive
Zero Trust
Security model that operates on the principle that no one, whether from inside or outside of the organization, should be trusted by default
Control Plane
Consists of the adaptive identity, threat scope reductions, policy-driven access control, and secured zones
Data Plane
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points