Chapter #1 - jude-lindale/Wiki GitHub Wiki

Chapter 1 (Introduction to Security)

What is Security

  • Security of individuals, companies, assets, and information is something people expect almost by instinct; protecting what is yours is in keeping with how living things behave in nature.
  • In the simplest terms, security is protecting what you or others have. This includes both physical and non-physical assets.
  -Non-physical assets include confidential information and data; intellectual property; research data with the potential for high-value returns and high investment; and the safety of your customers or end-users while they are at your facility or using your systems.

Why is Security Important?

  • Security matters because the assets listed above have value and losing them has consequences. Keeping personal and vital information out of the wrong hands protects the people it belongs to, and protecting systems and data keeps an organization running and trusted.

Applicable Standards and Certifications

  • To help ensure information security, the industry has produced a number of standards and certifications. Some of the popular ones are:
  -ISO/IEC 27001:2005 (revised in 2013) — Information technology — Security techniques — Information security management systems — Requirements, by the International Organization for Standardization (it draws on the controls catalogued in ISO/IEC 27002)
  -Payment Card Industry Data Security Standard (PCI DSS) by the PCI Security Standards Council
  -Payment Application Data Security Standard (PA-DSS) by the PCI Security Standards Council
  -Control Objectives for Information and Related Technology (COBIT) by the Information Systems Audit and Control Association (ISACA)
  -ISO/IEC 20000-1:2011 — Information technology — Service management — Part 1: Service management system requirements
  These are standards against which an organization or an application can be certified (where certification applies), or which an organization can adopt to improve its own practices; they also give others a baseline for compliance checks.

-Some other related regulations and frameworks of importance are:
  -Sarbanes-Oxley Act of 2002, also known as SOX
  -Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework
  -The Health Insurance Portability and Accountability Act (HIPAA) of 1996
  -Federal Information Security Management Act (FISMA) of 2002
  -Federal Information Processing Standards (FIPS), released by the National Institute of Standards and Technology (NIST)

-Some other standards of relevance are the ISO/IEC 15408 series (the Common Criteria) and its companion evaluation methodology:
  -ISO/IEC 15408-1:2009 — Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
  -ISO/IEC 15408-2:2008 — Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
  -ISO/IEC 15408-3 — Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
  -ISO/IEC 18045:2008 — Information technology — Security techniques — Methodology for IT security evaluation
  The International Organization for Standardization has published many more guidelines for security professionals [4]. Organizations such as the Information Systems Audit and Control Association (ISACA) in the U.S. have also published many useful models and papers on information security.