Index
1. General concepts of Information Security
2. CISO (Chief Information Security Officer)
3. Certifications related to Information Security
   3.1. CISSP
   3.2. CISA
   3.3. Security+
What is security?
Information security is defined as “protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction”.
When Are We Secure?
Are we secure if our systems are properly patched?
Are we secure if we use strong passwords?
Are we secure if we are disconnected from the Internet entirely?
When Are We Secure?
From a certain point of view, all of these questions can be answered with a “NO”.
Confidentiality, Integrity, and Availability Triad
When we discuss security issues, it is often helpful to have a model that we can use as a foundation or a baseline. This model is the Confidentiality, Integrity, and Availability (CIA) triad.
CISO
The Chief Information Security Officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected.
Certifications related to Information Security
1) CISSP - The Certified ISS Professional
2) CISM - Certified Information Security Manager
3) CSSLP - Certified Secure Software Lifecycle Professional
4) SSCP - Systems Security Certified Practitioner
5) ISSAP - ISS Architecture Professional
6) ISSEP - ISS Engineering Professional
7) ISSMP - ISS Management Professional
CISSP
• The CISSP is known as the "gold standard" of security certifications.
• It is governed by the International ISS Certification Consortium, or (ISC)2.
(ISC)2
The International Information Systems Security Certification Consortium, also known as (ISC)2, is a global, not-for-profit leader in educating and certifying information security professionals.