Fundamentals of Information Security

---

Goals

• Define the confidentiality, integrity, availability (CIA) triad
• Differentiate confidentiality, integrity, and availability
• Define information security
• Define the Parkerian Hexad and its principles
• Identify the four types of attacks (i.e., interception, interruption, modification, and fabrication)
• Compare threats, vulnerabilities, risk, and impact
• Define the risk management process and its stages
• Define the incident response process and its stages
• Define “defense in depth.”
• Identify types of controls to mitigate risk (i.e., physical, logical, administrative)
• Identify elements of risk management in policies and procedures
• Identify elements of incident response in policies and procedures
• Identify the layers of a defense-in-depth strategy
• Compare the abilities of physical, logical, and administrative controls, and combinations of same, to protect resources
• Classify cybersecurity tools according to the type of vulnerability they find/identify
• Identify cybersecurity concepts and principles that protect IT infrastructure
• Categorize control mechanisms (i.e., physical, logical, administrative) according to the type of risk they mitigate or eliminate
• Differentiate between the CIA triad and the Parkerian Hexad
• Align the four types of attacks (i.e., interception, interruption, modification, and fabrication) to the legs of the CIA triad

What is Information Security?

• Information Security

Attacks

• Attacks can be conducted against
  • data at rest and in motion
• Types of Attack
• Assessing attacks
  • Threats, Vulnerabilities, Risk, and Impact
• Mitigating attacks
  • Risk Management
  • Security Control
  • Incident Response (IR)

Defense

• defense techniques and methods:
  • Defense in Depth
  • Authentication, Authorization, & Accounting (AAA)
  • Principle of Least Privilege
  • Authentication
  • Identity Proofing
  • Separation of duties