Understanding Information Security

To ensure compliance with financial regulations.

To enhance the speed of data processing.

To promote the use of open-source software.

To protect the confidentiality, integrity, and availability of information.

Volume

Accuracy, relevance, timeliness

Cost-effectiveness

Complexity

National Security Telecommunications and Information Systems Security Committee Security Model

National Security Telecommunications and Information Systems Security Council Model

National Security Technology and Information Systems Security Committee Model

National Security Telecommunications and Information Systems Security Coordination Model

Networks, protocols, and algorithms

The main components of an Information System are hardware, software, data, procedures, and people.

User interfaces and graphics

Cloud storage and web services

Ignore software updates and patches

Implement access controls, encryption, regular updates, security audits, and user training.

Use default passwords for all accounts

Disable all security features

It allows unrestricted access to all users.

It focuses solely on enhancing user experience without regard for data protection.

It ensures protection of sensitive data while allowing authorized access for productivity.

It eliminates the need for any security measures.

The phases of the Software Development Life Cycle (SDLC) are Planning, Analysis, Design, Implementation, Testing, Deployment, and Maintenance.

Planning, Execution, Review, Release

Concept, Development, Testing, Support

Design, Implementation, Evaluation, Maintenance

Security measures are only needed during the testing phase.

Security is only important after the software is deployed.

Security is irrelevant in the SDLC process.

Security ensures that software is developed with protection against threats and vulnerabilities throughout the SDLC.

Risk management is solely about compliance with regulations.

Risk management eliminates all potential threats to information.

Risk management in Information Security is only concerned with physical security measures.

Risk management in Information Security is the process of identifying, assessing, and mitigating risks to protect information assets.

Data encryption

Firewalls

Antivirus software

Malware, phishing, insider threats, data breaches, denial of service, weak passwords.