Introduction Information Assurance and Security 1
Topic
01 Information Systems Security Concepts
02 Confidentiality, Integrity, and Availability (CIA)
03 The Seven Domains of an IT Infrastructure
04 IT Security Policy Framework and Data Standard Classification
01. Information Systems Security Concepts
Introduction to Information Systems Security
Information Systems Security (ISS) refers to the
practices and technologies used to protect
information systems from unauthorized access,
misuse, disclosure, disruption, modification, or
destruction. It aims to ensure that data is secure,
systems are operational, and users can rely on the
integrity of their information.
These concepts encompass the core principles, strategies, and methods
designed to protect information systems. The key components include:
Authentication: Verifying the identity of users and systems. For example, using multi-factor authentication (MFA) to strengthen access controls.
Authorization: Ensuring that actions or transactions cannot be denied by the parties involved. For example, using digital signatures to provide proof of origin and integrity of data.
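The two mechanisms named above, a time-based one-time code as the second factor in MFA and a digital signature as proof of origin and integrity, as an added worked example in Go. This is not code from the course material; it assumes the RFC 6238 reference secret "12345678901234567890" (used only so the output can be checked against the RFC's published test vectors), a throwaway Ed25519 key pair generated on each run, and a constructed sample message. It goes slightly beyond the slide by showing how a verifier tolerates one step of clock drift and why a tampered message or a different key fails signature verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp implements RFC 4226: HMAC-SHA1 over the big-endian counter,
// dynamic truncation, then reduction to the requested number of digits.
func hotp(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	mac.Write(buf[:])
	sum := mac.Sum(nil)

	offset := sum[len(sum)-1] & 0x0f // low nibble of the last byte picks the window
	code := uint32(sum[offset]&0x7f)<<24 |
		uint32(sum[offset+1])<<16 |
		uint32(sum[offset+2])<<8 |
		uint32(sum[offset+3])
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

const totpStep = 30 // seconds per time step (RFC 6238 default)

// totp derives the counter from Unix time and delegates to hotp.
func totp(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/totpStep), digits)
}

// verifyTOTP checks a submitted 6-digit code against the current time step
// and one step on either side, so a slightly drifted clock on the user's
// device still authenticates. Each candidate is compared in constant time.
func verifyTOTP(secret []byte, submitted string, now int64) bool {
	counter := now / totpStep
	for _, skew := range []int64{-1, 0, 1} {
		c := counter + skew
		if c < 0 {
			continue
		}
		expected := hotp(secret, uint64(c), 6)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(submitted)) == 1 {
			return true
		}
	}
	return false
}

// SignedMessage carries data together with the signature over it.
type SignedMessage struct {
	Message   []byte
	Signature []byte
}

func signMessage(priv ed25519.PrivateKey, msg []byte) SignedMessage {
	return SignedMessage{Message: msg, Signature: ed25519.Sign(priv, msg)}
}

func verifyMessage(pub ed25519.PublicKey, sm SignedMessage) bool {
	return ed25519.Verify(pub, sm.Message, sm.Signature)
}

// demoSignature generates throwaway keys, signs a constructed message and
// reports three outcomes: the untouched message verifies (origin and
// integrity hold), a tampered copy does not (integrity), and verification
// under someone else's public key does not (origin).
func demoSignature() (original, tampered, wrongKey bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	msg := []byte("transfer 100 credits to account 42") // constructed sample
	sm := signMessage(priv, msg)

	original = verifyMessage(pub, sm)
	forged := SignedMessage{Message: []byte("transfer 900 credits to account 42"), Signature: sm.Signature}
	tampered = verifyMessage(pub, forged)
	wrongKey = verifyMessage(otherPub, sm)
	return original, tampered, wrongKey, nil
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 reference secret, not a real one
	fmt.Println("TOTP at t=59:", totp(secret, 59, 6))
	fmt.Println("accepted one step late:", verifyTOTP(secret, totp(secret, 59, 6), 89))
	o, t, w, err := demoSignature()
	fmt.Println("original/tampered/wrongKey:", o, t, w, "err:", err)
}
```

The HOTP/TOTP values can be cross-checked against the test vectors in RFC 6238 Appendix B; the signature half shows the property the slide attributes to digital signatures, namely that changing either the data or the claimed signer invalidates the check.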
03. The Seven Domains of an IT Infrastructure
The seven domains outline areas within an IT infrastructure that require
security controls:
1. User Domain: End users interacting with IT systems. Example: Employees using secure passwords.
2. Workstation Domain: Devices used by users (e.g., computers, laptops). Example: Installing antivirus software on workstations.
3. LAN Domain: Internal networks connecting workstations and servers. Example: Configuring firewalls to restrict traffic.
4. LAN-to-WAN Domain: The transition point between the internal network and the internet. Example: Deploying intrusion detection systems (IDS).
5. WAN Domain: Connections between remote sites or external networks. Example: Using VPNs for secure remote access.
6. Remote Access Domain: Connections from external users or devices to internal systems. Example: Implementing MFA for remote logins.
Data Standard Classification: Categorizes data into levels based on sensitivity and required protection.
Examples of Classifications:
Public Data: Minimal impact if disclosed (e.g., website content).
Internal Data: For internal use only (e.g., employee directories).
Confidential Data: Sensitive information (e.g., customer records).
Restricted Data: Highly sensitive (e.g., trade secrets).