INFORMATION SECURITY AND AUDIT
SOLVED PRACTICE QUESTIONS

Data Information and Knowledge 

  • Data: This is the raw, unprocessed building block. It can be numbers, letters, symbols, or even images. By itself, data has no inherent meaning. It's like a pile of bricks.

  • Information: Data becomes information when it's processed, organized, and given context. This adds meaning and makes it useful. Think of information as the assembled bricks that form a wall. For instance, a series of numbers representing temperature readings is just data. But if you know they are temperatures from a weather station over the past week, that's information.

  • Knowledge: This is the highest level. Knowledge is the understanding gained from information. It involves being able to interpret, analyze, and apply information to solve problems or make decisions. Imagine the knowledge of using the weather information to decide whether to bring an umbrella.

Introduction to Information Security

Information security (InfoSec) is a critical field dedicated to protecting information and information systems from unauthorized access, disclosure, disruption, modification, or destruction. As organizations and individuals increasingly rely on digital data, the importance of safeguarding this information from various threats becomes paramount.

Confidentiality, Integrity, Availability, Authentication, Authorization and Non-Repudiation

  1. Confidentiality: Ensures that information is accessible only to those authorized to have access. Techniques to maintain confidentiality include encryption, access controls, and authentication mechanisms.
  2. Integrity: Ensures the accuracy and reliability of information by preventing unauthorized or undetected modification. Checksums and hashing algorithms detect accidental corruption, but an attacker who can alter the data can simply recompute an unkeyed hash, so deliberate tampering is only detected by a keyed construction such as an HMAC or a digital signature. Version control adds a record of who changed what and a way to restore a known-good state.
  3. Availability: Ensures that information and resources are available to authorized users when needed. Availability is maintained through redundancy, failover mechanisms, and robust network and system designs.
  4. Authentication: Verifies the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
  5. Authorization: Determines what an authenticated user is allowed to do. Authorization policies and access control lists (ACLs) are typical methods to enforce authorization.
  6. Non-repudiation: Provides proof of the origin and integrity of data, ensuring that a party cannot later deny having signed a document or sent a message. Digital signatures and audit trails are the usual techniques. The guarantee rests on the signer being the only holder of the private key; a shared-secret MAC cannot provide it, because either party holding the key could have produced the tag.
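The integrity point in item 2 is easiest to see by running the two checks side by side. The following is an added example, not part of the original notes: it models a receiver that relies on an unkeyed SHA-256 checksum and one that relies on an HMAC-SHA256 tag, and shows that the checksum catches a random bit flip but not an attacker who can rewrite the message and its digest, while the HMAC rejects the forgery because the attacker lacks the key. The payment message, the attacker's behaviour and the keys are constructed for illustration.

```python
"""Integrity controls compared: an unkeyed checksum versus a keyed MAC.

Added example, not from the original notes. The message, keys and
attacker behaviour below are constructed for illustration.
"""
import hashlib
import hmac
import secrets

# Constructed sample record: a payment instruction in transit.
ORIGINAL = b"transfer 100.00 from ACC-1 to ACC-2"
ALTERED = b"transfer 900.00 from ACC-1 to ACC-2"


def checksum(data: bytes) -> str:
    """Unkeyed integrity check: hex SHA-256 digest. Anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed integrity check: HMAC-SHA256 over the data under a shared secret."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_valid(key: bytes, data: bytes, tag: str) -> bool:
    """Verify a tag in constant time so a timing difference does not leak it."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Model a random transmission error: flip the low bit of the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def checksum_catches_noise() -> bool:
    """A checksum detects accidental corruption: the stored digest no longer matches."""
    stored = checksum(ORIGINAL)
    received = flip_one_bit(ORIGINAL)
    return checksum(received) != stored


def checksum_misses_attacker() -> bool:
    """An attacker who can rewrite the message can also rewrite its checksum,
    because no secret is involved. Returns True when the forgery passes."""
    # Attacker replaces both the data and the digest that travels with it.
    forged_data, forged_sum = ALTERED, checksum(ALTERED)
    # Receiver's check succeeds: the tampering is invisible.
    return checksum(forged_data) == forged_sum


def mac_catches_attacker(key: bytes = b"") -> bool:
    """With HMAC the attacker lacks the shared key, so any tag they produce is rejected.
    Returns True when the genuine tag verifies and the forged one does not."""
    key = key or secrets.token_bytes(32)  # shared only between sender and receiver
    genuine_tag = mac_tag(key, ORIGINAL)
    # Attacker's best effort without the real key: tag the altered message under a guess.
    attacker_tag = mac_tag(b"attacker-guess", ALTERED)
    genuine_ok = mac_valid(key, ORIGINAL, genuine_tag)
    forgery_rejected = not mac_valid(key, ALTERED, attacker_tag)
    return genuine_ok and forgery_rejected


if __name__ == "__main__":
    print("checksum catches bit flip:", checksum_catches_noise())
    print("checksum defeated by attacker:", checksum_misses_attacker())
    print("HMAC rejects forgery:", mac_catches_attacker())
```

The HMAC gives integrity and origin authentication between the two parties that share the key, but not non-repudiation: the receiver holds the same key and could have produced the tag just as easily as the sender. Proving origin to a third party requires a digital signature made with a private key that only the signer holds.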