Human Element Security
1. One of the more difficult aspects in all of information security is providing security for and against
the some of the people within and surrounding our information, including our employees, contractors,
1. Physical security is largely concerned with the protection of three main categories of assets: people,
equipment, and data.
2. Our primary concern, of course, is to protect people. People are considerably more difficult to
1. The use of cryptography is an integral part of computing, networking, and the vast set of transactions
that take place over such devices on a daily basis.
2. We depend on cryptography when we have conversations on our cell phones
Auditing and Accountability
1. When we have successfully gone through the process of identification, authentication, and
authorization, or even while we are still going through the process, we need to keep track of the
activities that have taken
1. Operations security, known in military and government circles as OPSEC, is, at a high level, a
process that we use to protect our information.
2. Although the formal methodology of operations security is generally consider
Laws and Regulations
1. As an information security professional, it is very important to understand the role laws and
regulations play as well as how compliance might impact us, both from a personal and a business
2. These requireme
1. In the world of network security, we may face a number of threats from attackers, misconfigurations
of infrastructure or network-enabled devices, or even from simple outages.
2. As network dependent as the majority of the wo
Authorization and Access Control
1. We can achieve this with two main concepts: authorization and access control.
2. Authorization allows us to specify where the party should be allowed or denied access, and access
control enables us to manage t
Identification and Authentication
1. When we are developing security measures, whether on the scale of a specific mechanism or an
entire infrastructure, identification and authentication are likely to be key concepts.
2. In short, identification
What is Information Security?
1. Information security is a concept that becomes ever more enmeshed in many aspects of our society,
largely as a result of our nearly ubiquitous adoption of computing technology.
2. In our everyday lives, many of