Cis Studyguide
Review
Overview of the Info Security (3 MC, 2 S/A, 1LA)
Objectives:
1. Recognize the importance of information technology and understand who is responsible for protecting an organization’s information assets 2. Know and understand the definition and key characteristics of information security 3. Know and understand the definition and key characteristics of leadership and management 4. Recognize the characteristics that differentiate information security management from general management
Concepts:
Information security (InfoSec) is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Figure 1-1 shows that information security includes the broad areas of information security management (the topic of this book), computer and data security, and network security. At the heart of the study of information security is the concept of policy (discussed in detail in Chapter 4). Policy, awareness, training, education, and technology are vital concepts for the protection of information and for keeping information systems from danger.
* Business Mgmt Professionals: Orgzn ad Info Sec strategy, policy and resources ($$) * I.T. Mgmt : support business objectives w/ appropriate information technology (HW, SW, NW, interfaces) * InfoSec Mgmt: provide technical protective environment for critical assets from threats/ exploits, disruptions
Communities of Interest * InfoSec community: protects the organization’s information assets from the threats they face. * IT community: supports the business objectives of the organization by supplying and supporting information technology appropriate to the business’ needs. * Non-technical general business community: articulates and communicates organizational policy and objectives and allocates resources to the other groups.
Information Technology (I.T.)
= tangible HW, SW, DBs, NW, technologies used to
Overview of the Info Security (3 MC, 2 S/A, 1LA)
Objectives:
1. Recognize the importance of information technology and understand who is responsible for protecting an organization’s information assets 2. Know and understand the definition and key characteristics of information security 3. Know and understand the definition and key characteristics of leadership and management 4. Recognize the characteristics that differentiate information security management from general management
Concepts:
Information security (InfoSec) is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Figure 1-1 shows that information security includes the broad areas of information security management (the topic of this book), computer and data security, and network security. At the heart of the study of information security is the concept of policy (discussed in detail in Chapter 4). Policy, awareness, training, education, and technology are vital concepts for the protection of information and for keeping information systems from danger.
* Business Mgmt Professionals: Orgzn ad Info Sec strategy, policy and resources ($$) * I.T. Mgmt : support business objectives w/ appropriate information technology (HW, SW, NW, interfaces) * InfoSec Mgmt: provide technical protective environment for critical assets from threats/ exploits, disruptions
Communities of Interest * InfoSec community: protects the organization’s information assets from the threats they face. * IT community: supports the business objectives of the organization by supplying and supporting information technology appropriate to the business’ needs. * Non-technical general business community: articulates and communicates organizational policy and objectives and allocates resources to the other groups.
Information Technology (I.T.)
= tangible HW, SW, DBs, NW, technologies used to