| Cryptography refers to the science of rendering information unrecognizable and thus useless to those without proper authorization. This field includes mathematics, computer science and engineering. While cryptography was initially applied to protect message confidentiality, it has grown to include issues such as privacy concerns, data integrity, identity authentication, secure computing and more. This article introduces the field of cryptography, defines the basic concepts of encryption and decryption and discusses related concepts. It also explores current uses of cryptography in the information security [...] Access controls determine the authorized activities of legitimate users, while mediating users’ access to system resources. Access controls ensure that data are being used by the appropriate people in the correct roles in particular contexts. For instance, IT infrastructures employ access control systems at a number of levels. Operating systems also rely on access controls to protect directories or files. As a result of regulatory compliance, there has been a noticeable push for controls in the IT industry. This article looks at basic concepts around access [...] Risk management plays a crucial role in helping organizations protect and secure their information assets. Effective risk management programs are a significant component of any IT security program. This article will discuss the role of risk management, including the identification, assessment, prioritization and diffusion of risks. Risks, Threats & Vulnerabilities Risk is often confused with other related terms and concepts. The lines between risks, threats and vulnerabilities are sometimes confused. Further, the terms “risk assessment” and “vulnerability assessment” are frequently used interchangeably, though they have very different applications. The term “risk” is defined as the impact that could result from vulnerability, or the [...] The CIA triad is a well-known model in information security development. It is applied in various situations to identify problems or weaknesses and to establish security solutions. It is an industry standard that information systems professionals should be familiar with. What is the CIA Triad? The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. In order to avoid confusion, the CIA triad is sometimes referred to as the AIC triad, or PAIN, which stands for privacy, availability/authentication, integrity and non-repudiation. The three components [...] The ISO (International Organization for Standards) publishes international standards for the private sector. The ISO 27000 standards series refers to information security matters. Since October 2005, the ISO has published six of these standards, with controls ranging from managing security systems to problem solving methodology to [...] | |
