Information Security (InfoSec) refers to the practices, policies, and technologies used to protect data and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
The foundations are the core principles and concepts that define how information should be protected. These are usually grouped into the CIA Triad, along with additional principles and security controls.
The CIA Triad is the backbone of information security:
C – Confidentiality
Ensuring that information is accessible only to those authorized to have access.
Example: Using passwords or encryption to protect files.
I – Integrity
Ensuring the information is accurate and unaltered.
Example: Hashing to detect if a file has been tampered with.
A – Availability
Ensuring that information and systems are available when needed.
Example: Backups or redundancy to prevent downtime.
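The integrity example above (hashing to detect whether a file has been altered) is the one principle here that maps directly onto a few lines of code. The block below is an added illustration, not part of the original text: it records a SHA-256 digest of a constructed sample file, shows that the digest changes when one byte changes, and then shows the caveat a practitioner should know: a plain hash only catches changes if the stored digest itself cannot be replaced, so a keyed HMAC is used where the party that can edit the file could also recompute the hash. Only the Python standard library (`hashlib`, `hmac`, `secrets`) is used; the file contents and key are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample "file" contents for the demo (not from the page).
ORIGINAL = b"db_host=10.0.0.5\nadmin_enabled=false\n"
TAMPERED = b"db_host=10.0.0.5\nadmin_enabled=true\n"


def fingerprint(data: bytes) -> str:
    """SHA-256 hex digest of data; any change to data changes the digest."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """Compare the current digest with the one recorded earlier.

    compare_digest runs in constant time, so the comparison does not leak
    how many leading characters matched through timing differences.
    """
    return hmac.compare_digest(fingerprint(data), expected_digest)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over data.

    Unlike a plain hash, a valid tag cannot be produced without the key, so
    replacing both the file and the stored value still fails verification.
    """
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def keyed_integrity_ok(data: bytes, key: bytes, expected_tag: str) -> bool:
    """Verify an HMAC tag in constant time."""
    return hmac.compare_digest(keyed_tag(data, key), expected_tag)


def demo() -> dict:
    """Run both checks against the original and the altered sample."""
    recorded_digest = fingerprint(ORIGINAL)
    key = secrets.token_bytes(32)  # in practice kept in a secret store, not next to the file
    recorded_tag = keyed_tag(ORIGINAL, key)
    return {
        # plain hash: detects the change as long as the stored digest is trusted
        "hash_original_ok": integrity_ok(ORIGINAL, recorded_digest),
        "hash_tampered_ok": integrity_ok(TAMPERED, recorded_digest),
        # plain hash: if the stored digest is also replaced, the check passes
        "hash_tampered_with_recomputed_digest_ok": integrity_ok(
            TAMPERED, fingerprint(TAMPERED)
        ),
        # HMAC: the altered file fails, and a tag made without the key fails too
        "hmac_original_ok": keyed_integrity_ok(ORIGINAL, key, recorded_tag),
        "hmac_tampered_ok": keyed_integrity_ok(TAMPERED, key, recorded_tag),
        "hmac_forged_tag_ok": keyed_integrity_ok(TAMPERED, key, fingerprint(TAMPERED)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two False results for the HMAC checks are the point: a digest alone proves the data matches whatever digest is stored, while a keyed tag ties the check to a secret that the file's location does not expose.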
Security policies are the rules that guide how security is implemented and maintained in an organization.
Example: Password policies, access control policies, incident response plans.
Risk management is the practice of understanding and managing risks related to information assets.
Security controls are the measures taken to reduce those risks.
Organizations must follow laws, regulations, and standards related to data security (e.g., GDPR, HIPAA, ISO 27001).
| Concept | Purpose |
|---|---|
| CIA Triad | Protect data (Confidentiality, Integrity, Availability) |
| AAA (Authentication, Authorization, Accounting) | Identity and access management |
| Policies | Standardize security practices |
| Risk Management | Identify and reduce threats |
| Security Controls | Implement protections |
| Compliance | Meet legal and regulatory standards |