InfoSec Risks, Threats, Vulnerabilities &; Countermeasures

This article takes a closer look at infosec risks, threats, attacks, vulnerabilities and countermeasures/security controls. It differentiates between the concepts and provides industry-standard definitions for each. The article also explores four basic categories of countermeasures/security controls: preventative, reactive, detective and administrative. Finally, the article examines the ‘Risks = Threats X Vulnerabilities X Impact’ formula from a critical [...]

Share

Components of a Privacy Policy

Enterprise privacy policies and privacy programs are essential. While policies alone cannot prevent data breaches or misuse of personal information, they are a good step in ensuring transparency and privacy-friendly practices. A privacy policy should contain the following key components: notice; consumer choice; access and correction; security; and [...]

Share

CIA Triad

This article introduces the model of the CIA triad for designing and assessing information systems. It provides a discussion of the three main components of the triad: confidentiality, integrity and availability. This triad has been the basis of the information security industry for over twenty years. The article goes on to discuss the application of the CIA triad, for instance in cryptography, authentication and network architectures. Finally, the article provides some points of critique and suggested improvements for the CIA [...]

Share

ISO 27000 Series

The ISO (International Organization for Standards) publishes international standards for the private sector. The ISO 27000 standards series refers to information security matters. Since October 2005, the ISO has published six of these standards, with controls ranging from managing security systems to problem solving methodology to [...]

Share

FISMA: The Federal Information Security Management Act

The E-Government Acts of 2002 involved a large number of new regulations to implement and control the use of electronic technologies by the U.S. Government. Title III of this Act, called the Federal Information Security Management Act required all Government agencies to develop extensive information security [...]

Share