Revision as of 23:12, 8 February 2022

BCS Certification in Information Security Management Principles

BCS CISMP. The BCS (British Computer Society) Certification in Information Security Management Principles. A five-day course with a 248-page textbook.

The textbook is Information Security Management Principles, Third Edition.

Concepts

CIA. Confidentiality, Integrity, Availability.


Book Chapters

1. Information Security Principles

Confidentiality = no unauthorised disclosure of information.
Integrity = information is accurate and complete, and has not been altered without authorisation.
Availability = information is accessible and usable when an authorised party needs it.

Assets are anything with value. There are three types always to be considered: information; physical assets (e.g. buildings); software. Other types may also be considered (e.g. reputation, loyalty, recovery cost).

Threat = a potential cause of an unwanted incident.
Vulnerability = a weakness that can be exploited by a threat.
Risk = the effect of uncertainty on objectives (the ISO 31000 definition). In information security a risk exists only where a threat and a vulnerability coincide: a threat with nothing to exploit, or a weakness no threat can reach, is not a risk. It is usually expressed as likelihood combined with impact.
Impact = the severity of the consequence if the risk materialises.

Controls. Responses to risks. There are four: eliminate; reduce; transfer; accept.
Eliminate = avoid the risk entirely; do something different so the threat or vulnerability no longer applies.
Reduce = lessen the likelihood or the impact, typically by applying a control.
Transfer = pass the risk to someone else, e.g. insurance or an outsourcing contract. (Accountability for the asset stays with the organisation.)
Accept = tolerate the risk. This is not 'do nothing': it is a documented decision by a named owner that the residual risk is within appetite, and it is reviewed periodically.
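The definitions above (risk needs both a threat and a vulnerability; the four responses; acceptance as a recorded decision rather than inaction) in a small risk register. This is an added example for these notes, not code from the CISMP textbook: the 1-5 likelihood and impact scales, the risk appetite threshold and the register entries are all constructed assumptions.

```python
"""Risk needs both a threat and a vulnerability; treatment changes the residual risk.

Added illustration, not from the CISMP textbook. The scoring scale (likelihood
and impact each 1-5, risk = likelihood x impact), the appetite threshold and the
sample register entries are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

RISK_APPETITE = 6  # assumed: residual scores above this must be treated


@dataclass
class Risk:
    asset: str
    threat: str                    # potential cause of an unwanted incident
    vulnerability: Optional[str]   # weakness the threat could exploit; None = none known
    likelihood: int                # 1 (rare) .. 5 (almost certain)
    impact: int                    # 1 (negligible) .. 5 (severe)
    treatment: str = "untreated"
    owner: Optional[str] = None
    review_date: Optional[str] = None

    def score(self) -> int:
        """A threat with no vulnerability to exploit (or vice versa) is not a risk."""
        if not self.threat or not self.vulnerability:
            return 0
        return self.likelihood * self.impact


def treat(risk: Risk, option: str, owner: str, review_date: str,
          new_likelihood: Optional[int] = None, new_impact: Optional[int] = None) -> Risk:
    """Apply one of the four responses and return the updated register entry.

    eliminate: stop the activity, so no threat/vulnerability pairing remains
    reduce:    lower likelihood and/or impact with a control
    transfer:  pass the consequence to a third party (impact to us drops)
    accept:    tolerate; only valid within appetite, and must be owned and dated
    """
    if option == "eliminate":
        risk.vulnerability = None
        risk.likelihood, risk.impact = 0, 0
    elif option == "reduce":
        if new_likelihood is not None:
            risk.likelihood = new_likelihood
        if new_impact is not None:
            risk.impact = new_impact
    elif option == "transfer":
        if new_impact is not None:
            risk.impact = new_impact
    elif option == "accept":
        if risk.score() > RISK_APPETITE:
            raise ValueError(f"cannot accept {risk.asset}/{risk.threat}: "
                             f"score {risk.score()} exceeds appetite {RISK_APPETITE}")
    else:
        raise ValueError(f"unknown treatment {option!r}")
    # Accept is not 'do nothing': every decision is recorded with an owner and review date.
    risk.treatment, risk.owner, risk.review_date = option, owner, review_date
    return risk


def needs_treatment(register: List[Risk]) -> List[Risk]:
    """Entries whose current score is above appetite and not yet treated."""
    return [r for r in register if r.score() > RISK_APPETITE and r.treatment == "untreated"]


# Constructed sample register (assets, threats and scores are illustrative)
REGISTER = [
    Risk("customer database", "SQL injection by external attacker",
         "unparameterised queries in web app", likelihood=4, impact=5),
    Risk("office building", "flood", None, likelihood=2, impact=4),   # no known weakness: not a risk
    Risk("laptops", "theft", "unencrypted disks", likelihood=3, impact=4),
    Risk("public website", "defacement", "outdated CMS plugin", likelihood=2, impact=2),
]

if __name__ == "__main__":
    for r in needs_treatment(REGISTER):
        print(f"treat: {r.asset} / {r.threat} (score {r.score()})")
    treat(REGISTER[3], "accept", owner="web team", review_date="2022-08-01")
    print(REGISTER[3])
```

Walking the register through `needs_treatment` first and only then calling `treat` mirrors how an assessment is run: identify what is outside appetite, choose a response per entry, and re-score. Trying to `accept` an entry that is still above appetite raises, which is the point of the "not do nothing" note.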

Identity, authentication and authorisation. Three separate steps: a system must know who is claiming to act, confirm the claim, and then decide what that principal may do.
Identity = that which uniquely identifies an entity, be that an individual or an item (e.g. a user name or a device serial number).
Authentication = assurance that a claimed identity is genuine, e.g. by verifying a password, token or certificate.
Authorisation = the permission granted to an authenticated identity to access a system's resources or perform an action. Being authenticated does not by itself grant access.
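The three steps as separate checks in code. This is an added example for these notes, not code from the CISMP textbook: the user names, passwords, roles, permission table and the PBKDF2 iteration count are constructed assumptions.

```python
"""Identity, authentication and authorisation as three separate checks.

Added illustration, not from the CISMP textbook: a toy user store with salted
PBKDF2 password hashes and a role-based permission table. All user names,
passwords, roles and the iteration count are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this illustration


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; the store never keeps the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Identity: the user name uniquely identifies the principal in this system.
# Constructed sample store: identity -> {salt, hash, role}
USERS = {}
for _name, _pw, _role in [("alice", "correct horse battery staple", "analyst"),
                          ("bob", "hunter2", "auditor")]:
    _salt, _digest = hash_password(_pw)
    USERS[_name] = {"salt": _salt, "hash": _digest, "role": _role}

# Authorisation policy: which roles may perform which actions on which resources.
PERMISSIONS = {
    "analyst": {("read", "incident-log"), ("write", "incident-log")},
    "auditor": {("read", "incident-log"), ("read", "audit-trail")},
}


def authenticate(identity: str, password: str) -> bool:
    """Authentication: assurance that the claimed identity is genuine.

    Returns True only if the identity exists and the password verifies.
    An unknown user still pays the hashing cost and the comparison is
    constant-time, so response timing does not reveal whether the name exists.
    """
    record = USERS.get(identity)
    salt = record["salt"] if record else b"\x00" * 16
    expected = record["hash"] if record else b"\x00" * 32
    _, candidate = hash_password(password, salt)
    return record is not None and hmac.compare_digest(candidate, expected)


def authorise(identity: str, action: str, resource: str) -> bool:
    """Authorisation: is this (already authenticated) identity permitted to act?"""
    record = USERS.get(identity)
    if record is None:
        return False
    return (action, resource) in PERMISSIONS.get(record["role"], set())


def access(identity: str, password: str, action: str, resource: str) -> str:
    """Full flow: identify, authenticate, then authorise. Each step can fail on its own."""
    if not authenticate(identity, password):
        return "denied: authentication failed"
    if not authorise(identity, action, resource):
        return "denied: not authorised"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "write", "incident-log"))
    print(access("alice", "correct horse battery staple", "read", "audit-trail"))
    print(access("bob", "wrong", "read", "audit-trail"))
```

The second call shows the distinction the notes make: alice is a valid identity and authenticates correctly, yet is refused because her role carries no permission on `audit-trail`. Authentication answers "is this really alice?"; authorisation answers "may alice do this?".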





2. Information Risk

xcxx

3. Information Security Framework

xcxx

4. Security Life Cycles

xcxx

5. Procedural and People Security Controls

xcxx

6. Technical Security Controls

xcxx

7. Physical and Environmental Security

xcxx

8. Disaster Recovery and Business Continuity Management

xcxx

9. Other Technical Aspects

xcxx