Costas Nicou Back Office

Notes - Cybersecurity

Fundamentals of Security

Information Security: the act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption and destruction. Information Systems Security: the act of protecting the systems that hold and process critical data. The CIANA Triad (Confidentiality, Integrity, Availability, Non-repudiation, Authentication): Confidentiality ensures that information is only accessible to […]


Play it Safe – Manage Security Risks – Week 2 – Part 3

OWASP – Open Web Application Security Project. Minimize attack surface area: the attack surface refers to all the potential vulnerabilities that a threat actor could exploit, such as attack vectors like phishing emails or weak passwords. Principle of least privilege. Defense in depth. Separation of duties. Keep security simple. Fix security issues correctly. Scope refers to the specific criteria of […]


Play it Safe – Manage Security Risks – Week 2 – Part 2

The purpose of frameworks: organizations use frameworks as a starting point to develop plans that mitigate risks, threats and vulnerabilities to sensitive data and assets. The NIST Cybersecurity Framework (CSF) is a voluntary framework that consists of standards, guidelines and best practices to manage cybersecurity risk. The CSF consists of five important core functions: IDENTIFY, PROTECT, DETECT, […]


Play it Safe – Manage Security Risks – Week 2 – Part 1

Authentication is the process of verifying who someone or something is. An example of authentication is logging in to a website with your username and password. Biometrics are unique physical characteristics that can be used to verify a person’s identity. Examples of biometrics are a fingerprint, an eye scan or a palm scan. Vishing is the exploitation […]


Foundations of Cybersecurity – Week 4

Security information and event management (SIEM) tools: A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. A log is a record of events that occur within an organization’s systems. Depending on the amount of data you’re working with, it could take hours or days to […]


Foundations of Cybersecurity – Week 3

Glossary terms from week 3. Terms and definitions from Course 1, Week 3. Asset: An item perceived as having value to an organization. Availability: The idea that data is accessible to those who are authorized to access it. Compliance: The process of adhering to internal standards and external regulations. Confidentiality: The idea that only authorized […]
