Infosec Overview

  1. Infosec is the practice of protecting data from unauthorized access.

  2. CIA triad - protect confidentiality, integrity, availability.

  3. An incident could be a natural disaster, system malfunction, or security incident.

  4. Red team plays the attackers.

  5. Blue team plays the defenders.

Risk management process

  1. Identifying the Risk - Identifying risks the business is exposed to, such as legal, environmental, market, regulatory, and other types of risks.

  2. Analyze the Risk - Analyzing the risks to determine their impact and probability. The risks should be mapped to the organization's various policies, procedures, and business processes.

  3. Evaluate the Risk - Evaluating, ranking, and prioritizing risks. Then, the organization must decide to accept (unavoidable), avoid (change plans), control (mitigate), or transfer risk (insure).

  4. Deal with the Risk - Eliminating or containing the risks as best as possible. This is handled by interfacing directly with the stakeholders for the system or process that the risk is associated with.

  5. Monitor the Risk - All risks must be monitored continuously for situational changes that could alter their impact score, e.g., from low to medium or high impact.
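The five steps above map naturally onto a small risk register. The following Python is an added example written for these notes, not code from the original page: it identifies risks, analyzes them with an impact x probability score, evaluates them by ranking, assigns a treatment (accept, avoid, control, transfer), and re-scores a risk when monitoring reports a change. The 1-5 scales, the low/medium/high thresholds, the treatment policy in `recommend()`, and the sample risks are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Treatment(Enum):
    ACCEPT = "accept"      # unavoidable: live with it and keep monitoring
    AVOID = "avoid"        # change plans so the exposure goes away
    CONTROL = "control"    # mitigate with technical or procedural controls
    TRANSFER = "transfer"  # insure it or contract it out


@dataclass
class Risk:
    name: str
    category: str                  # legal, environmental, market, regulatory, ...
    impact: int                    # assumed scale: 1 (negligible) .. 5 (severe)
    probability: int               # assumed scale: 1 (rare) .. 5 (almost certain)
    owner: str                     # stakeholder who owns the affected system or process
    treatment: Optional[Treatment] = None
    history: list = field(default_factory=list)  # (old_level, new_level) on each re-score

    @property
    def score(self) -> int:
        # Step 2 (Analyze): impact x probability, range 1..25
        return self.impact * self.probability

    @property
    def level(self) -> str:
        # Assumed thresholds for the low/medium/high bands
        if self.score >= 15:
            return "high"
        if self.score >= 8:
            return "medium"
        return "low"


def recommend(risk: Risk) -> Treatment:
    """Illustrative treatment policy (an assumption, not taken from the notes)."""
    if risk.impact >= 4 and risk.probability <= 2:
        return Treatment.TRANSFER      # rare but severe: insure it
    if risk.level == "low":
        return Treatment.ACCEPT
    if risk.level == "high" and risk.probability >= 4:
        return Treatment.AVOID         # likely and severe: change the plan
    return Treatment.CONTROL           # everything else: mitigate


class RiskRegister:
    def __init__(self) -> None:
        self.risks: dict[str, Risk] = {}

    def identify(self, risk: Risk) -> None:
        # Step 1 (Identify): record the risk against its owner
        self.risks[risk.name] = risk

    def evaluate(self) -> list:
        # Step 3 (Evaluate): rank highest score first; name breaks ties deterministically
        return sorted(self.risks.values(), key=lambda r: (-r.score, r.name))

    def treat(self) -> dict:
        # Step 4 (Deal): assign a treatment to every risk
        for r in self.risks.values():
            r.treatment = recommend(r)
        return {r.name: r.treatment for r in self.risks.values()}

    def monitor(self, name: str, impact: Optional[int] = None,
                probability: Optional[int] = None) -> tuple:
        # Step 5 (Monitor): re-score on a situational change; re-treat if the band moves
        r = self.risks[name]
        old = r.level
        if impact is not None:
            r.impact = impact
        if probability is not None:
            r.probability = probability
        new = r.level
        if new != old:
            r.history.append((old, new))
            r.treatment = recommend(r)
        return old, new


def build_register() -> RiskRegister:
    """Constructed sample risks for illustration only."""
    reg = RiskRegister()
    reg.identify(Risk("Ransomware on file server", "security", 5, 3, "IT ops"))
    reg.identify(Risk("Data-center flood", "environmental", 5, 1, "Facilities"))
    reg.identify(Risk("Legacy app exposed to the internet", "security", 4, 5, "App team"))
    reg.identify(Risk("Late regulatory filing", "regulatory", 2, 2, "Compliance"))
    return reg


if __name__ == "__main__":
    reg = build_register()
    for r in reg.evaluate():
        print(f"{r.score:>2} {r.level:<6} {r.name}")
    print(reg.treat())
    # Monitoring reports the flood is now more likely: the band moves low -> high
    print(reg.monitor("Data-center flood", probability=3))
```

Running it ranks the legacy app (score 20) above the ransomware risk (15), assigns transfer to the rare-but-severe flood and accept to the low regulatory risk, and then shows the flood jumping from low to high once its probability is revised, with its treatment re-evaluated to control.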
