1 Security Concepts of Information Assurance

This chapter covers

  • Fundamental terms of cybersecurity
  • The CIA Triad
  • Data classification

In organizations, people, processes, and technology work in concert to create value. Technology is part of what we refer to as infrastructure, which can be both physical and digital. Physical includes buildings, servers, or network equipment. Digital includes software and data.

As cybersecurity engineers, our goal is to protect the organization's infrastructure, processes, and people from disruptions caused by threats or adverse events. To do our jobs well, we need to understand the organizations we work with, the relevant threats we protect against, and how to implement effective controls to protect against them.

This chapter defines basic cybersecurity concepts that cybersecurity engineers use on a regular basis. We will define the concepts of threats and vulnerabilities, examine the CIA Triad model to help us understand the dimensions of vulnerabilities and security controls, and conclude with common classifications of data in terms of value and sensitivity.

1.1 Fundamental Terms of Cybersecurity

As a cybersecurity engineer, you will participate in or assume responsibility for the protection of organizations against cybersecurity threats. To do your job well, you need to understand the risks that the organization faces, the relevant threats that you are protecting against, and how to deploy effective controls as protections to mitigate those risks.

1.1.1 Organizations

1.1.2 Information Systems and Information Technology

1.1.3 Tangible Assets, Intangible Assets, and Human Assets

1.1.4 Vulnerabilities, Threats, and Actors

1.1.5 Security Controls

1.2 The Confidentiality, Integrity, Availability (CIA) Triad

1.3 Data Classification

1.3.1 Sensitive information

1.3.2 Confidential information

1.3.3 Personally Identifiable Information (PII)

1.3.4 Protected Health Information (PHI)

1.4 Summary