Information Security Management Principles_learner_stats_20121120 Flashcards Preview


Flashcards in Information Security Management Principles_learner_stats_20121120 Deck (24)
1

Information Security - Confidentiality

The property that information is not made available or disclosed to unauthorised individuals, entities or processes (ISO 13335)

2

Information Security - Integrity

The property of safeguarding the accuracy and completeness of assets (ISO 13335)

3

Information Security - Availability

The property of being accessible and usable upon demand by an authorised entity (ISO 13335)

4

Assets & Asset Types - Asset Definition

Anything that has value to the organisation, its business operations and its continuity (ISO 13335)

5

Assets & Asset Types - 3 Main Asset Types

Pure Information, Physical Assets, Software

6

Assets & Asset Types - Pure Information Definition

Information in whatever format

7

Assets & Asset Types - Physical Assets Definition

Buildings, Computer Systems

8

Assets & Asset Types - Software Definition

Software used to process or manage information

9

Threat, Vulnerability, Risk & Impact - Threat Definition

A potential cause of an incident that may result in harm to a system or organisation (ISO 13335)

10

Threat, Vulnerability, Risk & Impact - Vulnerability Definition

A weakness of an asset or group of assets that can be exploited by one or more threats (ISO 13335)

11

Threat, Vulnerability, Risk & Impact - Risk Definition

The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation (ISO 13335)

12

Threat, Vulnerability, Risk & Impact - Impact Definition

The result of an Information Security Incident, caused by a threat, which affects assets (ISO 13335)

13

Information Security Policy Concepts - Information Assurance Control Definition

Controls in the Information Assurance sense are those activities that are taken to manage the risks identified. There are 4 main types of control.

14

Information Security Policy Concepts - The Types of Information Assurance Controls are:

Eliminate Risk, Reduce Risk, Transfer Risk & Accept Risk.

15

Information Security Policy Concepts - Define Information Assurance Control: Eliminate Definition

Eliminate: Risk avoidance - decision not to be involved in, or action to withdraw from a risk situation (ISO Guide 73)

16

Information Security Policy Concepts - Define Information Assurance Control: Reduce Definition

Reduce: Risk reduction - action taken to lessen the probability or the negative consequences or both, associated with risk (ISO Guide 73)

17

Information Security Policy Concepts - Define Information Assurance Control: Transfer Definition

Transfer: Risk Transfer - Sharing with another party the burden of loss or benefit of gain for a risk (ISO Guide 73)

18

Information Security Policy Concepts - Define Information Assurance Control: Accept Definition

Accept: Risk Acceptance - Decision to accept a risk (ISO Guide 73)

19

Identity, Authentication and Authorisation - Define Identity

Identity: The properties of an individual or resource that can be used to identify uniquely one individual or resource (Authors)

20

Identity, Authentication and Authorisation - Define Authentication

Authentication: Ensuring that the identity of a subject or resource is the one claimed (Derived from Authenticity in ISO 13335)

21

Identity, Authentication and Authorisation - Define Authorisation

The process of checking the authentication of an individual or resource to establish and confirm their authorised use of or access to information or other assets (Authors)

22

Accountability, Audit & Compliance - Define Accountability

Accountability: The responsibility for actions and processes (Authors)

23

Accountability, Audit & Compliance - Define Audit

Audit: Formal review of actions, processes, policies and procedures (Authors)

24

Accountability, Audit & Compliance - Define Compliance

Compliance: Working in accordance with actions, processes, policies and procedures laid down without necessarily having independent reviews (Authors)