2. INFORMATION SECURITY
(“Information Security,”)
What is Information Security?
Information Security is the practice of defending information
from unauthorized access, use, disclosure, modification, inspection,
recording, or destruction
(“Definition of information security,” 2012).
4. CIA TRIAD CONT’D.
Confidentiality- information is accessible only to those who are
authorized to see it
Integrity- data cannot be modified or destroyed by unauthorized
users, and any modification is detectable
Availability- assets can be accessed by authorized personnel
whenever they are needed
Authenticity- verifies that a user, system, or piece of data is
genuinely what it claims to be
Accountability- holds users responsible for their actions by
identifying them and recording what they do
Non-repudiation- prevents a party from later denying that it sent
a message or performed an action; the proof can be shown to a
third party, not just to the other participant
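The line between integrity, authenticity and non-repudiation is the one most often blurred in practice, so the following added example (not part of the original deck or the sources it cites) puts the three side by side in Python using only the standard library. A hash catches modification; an HMAC under a shared key proves that some key holder produced the message; but because the receiver holds the same key, the HMAC cannot show a third party which of the two parties produced it, whereas a digital signature can. The signature here is textbook RSA at a toy key size with no padding, used only to illustrate the property; the party names, the sample message and the key sizes are assumptions made for the demonstration.

```python
"""Integrity, authenticity and non-repudiation side by side (added example).

Standard library only: SHA-256 for integrity, HMAC for authenticity with a
shared key, and a textbook RSA signature (toy key size, no padding, NOT for
production use) to show what non-repudiation adds. The party names, the
sample message and the key sizes are assumptions made for this demonstration.
"""
import hashlib
import hmac
import secrets

# Constructed sample message between two hypothetical parties, Alice and Bob.
MESSAGE = b"transfer 500 EUR from acct 1234 to acct 9876"


def digest(msg: bytes) -> bytes:
    """Integrity: a hash detects modification, but anyone can recompute it."""
    return hashlib.sha256(msg).digest()


def integrity_ok(msg: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(digest(msg), expected)


def mac(key: bytes, msg: bytes) -> bytes:
    """Authenticity: only a holder of the shared key can produce this tag."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test; enough for toy key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:  # force the top bit (size) and the low bit (odd)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Textbook RSA key pair: returns (public (n, e), private (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def sign(private_key, msg: bytes) -> int:
    """Non-repudiation: only the private-key holder can produce this value."""
    n, d = private_key
    return pow(int.from_bytes(digest(msg), "big") % n, d, n)


def verify(public_key, msg: bytes, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == int.from_bytes(digest(msg), "big") % n


def demonstrate() -> dict:
    """Run the three properties over MESSAGE and a tampered copy."""
    results = {}
    tampered = MESSAGE.replace(b"500", b"5000")
    # Integrity: a digest stored out of band catches the change.
    results["integrity_detects_tamper"] = not integrity_ok(tampered, digest(MESSAGE))
    # Authenticity: Alice tags the message; Bob, holding the same key, checks it.
    shared_key = secrets.token_bytes(32)
    tag = mac(shared_key, MESSAGE)
    results["mac_verifies"] = mac_ok(shared_key, MESSAGE, tag)
    # ...but Bob can produce an identical tag himself, so a third party cannot
    # tell whether Alice or Bob made it: HMAC gives no non-repudiation.
    results["receiver_can_forge_mac"] = mac(shared_key, MESSAGE) == tag
    # Non-repudiation: the signature verifies under Alice's public key only;
    # Bob, holding just his own key pair, cannot produce one that verifies.
    alice_pub, alice_priv = rsa_keygen()
    _bob_pub, bob_priv = rsa_keygen()
    sig = sign(alice_priv, MESSAGE)
    results["signature_verifies"] = verify(alice_pub, MESSAGE, sig)
    results["tamper_breaks_signature"] = not verify(alice_pub, tampered, sig)
    results["receiver_cannot_forge_signature"] = not verify(
        alice_pub, MESSAGE, sign(bob_priv, MESSAGE))
    return results


if __name__ == "__main__":
    for name, ok in demonstrate().items():
        print(f"{name}: {ok}")
```

Note that accountability and non-repudiation depend on the key being held by exactly one party: if Alice's private key is shared or stolen, the signature still verifies but no longer proves who signed, which is why key custody is a policy matter as much as a cryptographic one.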
5. SECURITY CHOICES
Rule-based Decisions- following widely accepted
guidelines
Relativistic Decisions- choosing measures relative to
others with similar security issues, trying to be at
least as well protected as they are
Rational Decisions- analyzing the specific situation
and building a solution that fits it
7. SECURITY POLICY
Includes the following:
Policy
Scope
Risk Management
Definitions of Information Security Terms
Responsibilities
Classification of Information
Computer and Information Control
(“Security,” 2012)
(“Sample information security policy,” 2010)
8. SECURITY ADMINISTRATION TEAM
Ensures that the Security Policy is adhered to by the
entire organization
Responsible for maintaining the security of resources
within the organization
(“The infosec team,”)
9. INCIDENT RESPONSE PLAN
Guideline for the Incident Response Team that describes
how to handle each type of incident
Reduces confusion in the event of an incident
Minimizes downtime in the event of an incident
Helps to prevent making the same mistake twice
10. INCIDENT RESPONSE TEAM
Preparation- prepares everyone within the organization
on security measures
Identification- determines when and whether an incident
has taken place
Containment- isolates the affected systems and/or
devices in order to prevent further damage
Eradication- removes the cause of the incident and
any traces it left behind
Recovery- restores lost data from clean backups, verifies
that the exploited vulnerabilities are closed, and
monitors for a repeat occurrence
Lessons Learned- looks for ways to improve the handling
of the incident and to prevent it from happening again
11. BUSINESS CONTINUITY PLAN
Impact Analysis
Recovery Strategies
Plan Development
Testing & Exercises
Maintenance
(“Business continuity plan,” 2012)
(“Business continuity planning,”)
12. REFERENCES
Business continuity plan. (2012). Retrieved from
http://www.ready.gov/business/implementation/continuity
Business continuity planning lifecycle. (n.d.). Retrieved from
http://upload.wikimedia.org/wikipedia/en/thumb/c/cf/BCPLifecycle.gif/220px-BCPLifecycle.gif
Cia & infosec. (2012). Retrieved from
http://geraintw.blogspot.com/2012/09/cia-infosec.html
Information security. (n.d.). Retrieved from
http://www.thesecuritypub.com/wp-content/uploads/2013/10/information-security.jpg
Risk management. (2012). Retrieved from
http://www.guardianconsultants.co.uk/risk.html
13. REFERENCES CONT’D.
Sample information security policy. (n.d.). Retrieved from
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&ved=0CGYQFjAC&url=http%3A%2F%2Fwww.nchica.org%2Fhipaaresources%2FSecurity%2FGeneralPolicy.doc&ei=jWauUtC2NaLesAS_-YCACg&usg=AFQjCNGu6BXWB0SmUfxaPCyPnofyYltD1w&sig2=OSYSoVZREnUX1M8S75w9xw&bvm=bv.57967247,d.cWc
Safe state- Architecture. (2010). Retrieved from
http://hclsecurity.in/safe-state/the-security-architecture
Security. (2012). Retrieved from http://www.btt-tech.com/level2?sub_id1=48
Smith, R.E., PhD. (2011). Elementary Information Security. Burlington, MA: Jones & Bartlett
Learning.
The infosec team. (n.d.). Retrieved from http://www.bu.edu/infosec/infosec/is/
Your information is secure. (2013). Retrieved from
http://www.shipperswarehouse.com/information-security
Editor's Notes
I have decided to do my project paper on the planning and implementation of Information Security. Information Security is important to everyone, whether that be an in-home network or a business with multiple computers on its network in several different locations. Without a proper plan in place no network will be secure; therefore the topics discussed throughout will outline the different methods for planning and implementing Information Security on any network.
The basis of Information Security starts with the CIA Triad which is an acronym for Confidentiality, Integrity, and Availability.
The CIA Triad is a model of information assurance built around the Confidentiality, Integrity, and Availability of a system. There are three common extensions to the CIA Triad: Authenticity, Accountability, and Non-repudiation.
There are three separate types of categories of security choices: Rule-based decisions, Relativistic decisions, and Rational decisions.
Risk Assessment is the first step of a good plan and an essential part of implementing Information Security. It is important to do a full assessment of all assets, vulnerabilities, and threat likelihoods and then prioritize them from most important to least. The red area of the picture represents the highest risk in terms of assets, vulnerabilities, and threat likelihoods.
A security policy will determine the guidelines that everyone within the organization must follow.