Lecture Information systems security - Chapter 1: General security concepts

The content in chapter 1: understanding information security, understanding the goals of information security, comprehending the security process, authentication issues to consider, distinguishing between security topologies.

General Security Concepts

Contents
- Understanding Information Security
- Understanding the Goals of Information Security
- Comprehending the Security Process
- Authentication Issues to Consider
- Distinguishing between Security Topologies

Terminologies
- Protocol: an official set of steps or language for communication
- Algorithm: a specific set of steps to solve a problem or do some task
- String: a series of characters. Example: if a character can be a-z and 0-9, an 8-character string might be “ar01z14b”
- Control: a countermeasure or attempt to mitigate a security risk. A firewall is a technical control. Policies are HR controls. Encryption is a technical control.

Information Security

Security?
- Physical security of servers and workstations
- Protecting data from viruses and worms or from hackers and miscreants
- The capability to restore files if a user accidentally deletes them

Problems with security:
- It is next to impossible for everyone to agree on what it means
- We don’t really mean that we want things to be completely secured
- While everyone wants security, no one wants to be inconvenienced by it

Security Triad

Securing the Physical Environment
- Protecting your assets and information from physical access by unauthorized persons
- Threats often present themselves as service technicians, janitors, customers, vendors, or even employees

Components of physical security:
- Making a physical location less tempting as a target
- Detecting a penetration or theft
- Recovering from a theft or loss of critical information or systems

Examining Operational Security

Operational security issues include: Network access control (NAC), Authentication, Security topologies after the network installation is complete.
- Daily operations of the network
- Connections to other networks
- Backup plans
- Recovery plans

In short, operational security encompasses everything that isn’t related to design or physical security in the network.

Examining Operational Security

Working with Management and Policies

Guidance, rules, and .
