
Chapter: 1 Introduction

Information Security
Joel Morrobel

Information Asset
An Information Asset is a definable piece of information, stored in any manner, which is recognized as 'valuable' to the organization. The information which comprises an Information Asset may be little more than a prospect name and address file; or it may be the plans for the release of the latest in a range of products to compete with competitors.
Irrespective of the nature of the information assets themselves, they all have one or more of the following characteristics:

They are recognized to be of value to the organization.
They are not easily replaceable without cost, skill, time, resources or a combination.
They form a part of the organization's corporate identity, without which the organization may be threatened.
Their Data Classification would normally be Proprietary, Highly Confidential or even Top Secret.

Information Security
Information security is the process of protecting information. It protects its availability, privacy and integrity.

The CIA: Information Security Principles
Confidentiality
Allowing only authorized subjects access to information
Integrity
Allowing only authorized subjects to modify information
Availability
Ensuring that information and resources are accessible when needed

Reverse CIA
Confidentiality
Preventing unauthorized subjects from accessing information
Integrity
Preventing unauthorized subjects from modifying information
Availability
Preventing information and resources from being inaccessible when needed

Using the CIA


Think in terms of the core information security principles
How does this threat impact the CIA?
What controls can be used to reduce the risk to CIA?
If we increase confidentiality, will we decrease availability?

Information Classification
Not all information has the same value
Need to evaluate value based on CIA
Value determines protection level
Protection levels determine procedures
Labeling informs users on handling
Example:

Information Classification
Government classifications:
Top Secret
Secret
Confidential
Sensitive but Unclassified
Unclassified

Information Classification
Private Sector classifications:
Confidential
Private
Sensitive
Public

Information Classification
Criteria:
Value
Age
Useful Life
Personal Association

You will never have a 100% Secure System
