
Information Security Assurance is a way of assuring information protection in any business or software program, most especially in organizations that deal with sensitive information. The assurance that this information is well protected is a must in every corner. This involves learning the 5 principles of information assurance: availability, integrity, confidentiality, authentication and nonrepudiation.

Components of Information Security Assurance: the 5 principles of Information Assurance will help us to evaluate the components and assets of Information Security Assurance.
• Availability – refers to how users are given access to sensitive information within your enterprise’s infrastructure.
• Integrity – means that your sensitive data is not tampered with in any way, whether maliciously by hackers or accidentally through user error.
• Confidentiality – only users who need to access sensitive information should ever be able to view, store (in approved ways), or transmit this data.
• Authentication – means that there need to be controls in place to ensure that users are who they claim to be before accessing any confidential information.
• Nonrepudiation – means that when information is transferred, there needs to be proof that the action was successfully completed on both the sender’s end and the receiver’s end.

Certificate Programs are special training that we take to help us develop the knowledge, skills and experience that are necessary for a particular job. They can be useful for people who are just starting their career, as well as for people who already have years of experience and want to boost their skills.

Common Body Language, meanwhile, refers to gestures or any body movements. This includes our facial expressions, where our emotions show on our face, as well as waving our hands or pointing at something with our fingers, such as a thumbs up when we approve of something or a thumbs down when we disapprove of it.

Governance is the system by which an organization is controlled and operates, and the mechanisms by which it, and its people, are held to account. It involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders.

Risk Management, meanwhile, is the process of identifying, assessing and controlling threats to an organization’s capital and earnings. It also means identifying possible risks, problems or disasters before they happen. It allows business owners to set up procedures to avoid the risk, minimize its impact, or at the very least help cope with its impact.
Security Architecture is a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls.
Design, meanwhile, is a plan or drawing produced to show the look and function of the created idea.
Business Continuity Plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. Plans may provide detailed strategies on how business operations can be maintained for both short-term and long-term outages.
The Disaster Recovery (DR) plan, in turn, is the same as a business continuity plan, but the DR plan focuses mainly on restoring IT infrastructure and operations after a crisis. It is actually one part of a complete business continuity plan, as a BC plan looks at the continuity of the entire organization.
Physical Security Controls are the measures in a defined structure used to deter or prevent unauthorized access to sensitive material. Physical controls include closed-circuit surveillance cameras, motion or thermal alarm systems, and security guards.

Operation Security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary.
Law is a rule or set of rules, enforceable by the courts, regulating the government of the state, the relationship between the organs of government and the subjects of the state, and the relationship or conduct of subjects towards each other.

Investigation is the collection and analysis of evidence. To be acceptable to the court, it must be done in a structured way that abides by the legal rules and the appropriate process of evidence collection.
Ethics is two things. First, ethics refers to well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues. Second, ethics refers to the study and development of one’s ethical standards.

Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, disclosure, destruction, modification or disruption.