confidentiality

CISSP Concepts of Confidentiality, Integrity, and Availability – Bk2D1T1

Module Objectives: Explain the concepts of confidentiality, integrity, and availability. Differentiate between confidentiality, integrity, and availability. Confidentiality, Integrity, and Availability (CIA) Triad: When practitioners discuss the field of security, we concentrate on three goals: ensuring the confidentiality, integrity, and availability (CIA) of assets. This is referred to as the CIA triad. In information security, the assets are data—information that requires security. This is true for data in any form, whether it is stored electronically or …


CISSP Security and Risk Management – Bk2D1

Overview: Security and Risk Management, Domain 1 of the (ISC)² CBK, lays the foundation for the entire course, introducing concepts and principles that will be utilized throughout. It is imperative that the candidate learn and understand these thoroughly if the candidate is not already familiar with the material from professional practice. NOTE: Throughout this domain and much of the rest of the course material, the term “organization” will be used to describe operational entities; …


CISSP Implement Site and Facility Security Controls – Bk1D3T11

Implement Site and Facility Security Controls: all the thought and effort put into ensuring that the operation of your systems protects the confidentiality, integrity, and availability of your data is for naught if the threat actor can simply walk into your data center and walk out with the disk drives. Designing a data center or engaging the services of a third-party data center requires careful consideration of the risks and appropriate controls to …


CISSP Understand the Fundamental Concepts of Security Models – Bk1D3T2

A security model is a hypothetical abstraction of a system, simplified to enable analysis of certain aspects of the system without the complexity and details of the entire system being analyzed. A security model is a model that deals with security policy. Security models can be formal, intended for mathematical analysis to assist in the verification that a system complies with a specific policy, or they can be informal, serving to illustrate and simplify the …


CISSP Understand and Apply Concepts of Confidentiality, Integrity, and Availability – Bk1D1T1

For thousands of years, people have sought assurance that information has been captured, stored, communicated, and used securely. Depending on the context, differing levels of emphasis have been placed on the availability, integrity, and confidentiality of information, but achieving these basic objectives has always been at the heart of security practice. As we moved from the time of mud tablets and papyrus scrolls into the digital era, we watched the evolution of technology to support …


ISO 27001 Annex : 12 Operations Security

This article on ISO 27001 Annex : 12 Operations Security explains Operational Procedures and Responsibilities, Documented Operating Procedures, Change Management, and Separation of Development, Testing and Operational Environments. A.12.1 Operational procedures and responsibilities: Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1 Documented Operating Procedures. Control: Operating procedures should be documented and made available to all users who need them. Implementation Guidance: Documented procedures for operating information processing and communications facility activities should …


ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks. Control: Information in application services that passes over public networks should be protected against fraudulent activity, contract disputes, unauthorized disclosure, and modification. Implementation Guidance: Information security requirements for application services that cross public networks will include the following: each party requires a level of trust in the identity claimed by the other, for example, through authentication; authorizations for those who may authorize the …


ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

This article on ISO 27001 : Annex 14 System Acquisition, Development and Maintenance explains A.14.1 Security Requirements of Information Systems and A.14.1.1 Information Security Requirements Analysis and Specification. A.14.1 Security Requirements of Information Systems: Its objective is to ensure that information security management is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems that provide services over a public network. A.14.1.1 Information Security Requirements Analysis and Specification …


ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements

This article explains ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements. A.13.2.3 Electronic Messaging. Control: Information involved in electronic messaging should be adequately protected. Implementation Guidance: Information security considerations for electronic messaging should include the following: protecting messages against unauthorized access, modification or denial of service in line with the organization’s classification scheme; ensuring that the message is correctly addressed and transported; service reliability and availability; legal considerations, such …


ISO 27001 Annex : A.13.2 Information Transfer

ISO 27001 Annex : A.13.2 Information Transfer. Its objective is to maintain the security of information transferred within the organization and to any external entity. A.13.2.1 Information Transfer Policies and Procedures. Control: In order to protect the transfer of information through all types of communication facilities, formal transfer policies, procedures and controls should be in place. Implementation guidance: The following items should be addressed in the procedures and controls required when using communication facilities to transmit …
