Is Your Information Secure?
“Information Security – Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.”
“Confidentiality – Maintaining the privacy of the people whose personal information an organization holds.”
“Integrity – Data cannot be created, changed, or deleted without authorization.”
“Availability – Information, the computing systems used to process the information, and the security controls used to protect the information are all available and functioning correctly when the information is needed.”
“Defense In Depth – The layering on and overlapping of security measures. Should one defensive measure fail, there are other defensive measures in place that continue to provide protection.”
“Risk Management – The process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives. Taking countermeasures to reduce risk to an acceptable level based on the value of the information resource to the organization.”
“Black Hat – Someone who subverts computer security without authorization or who uses technology (usually a computer or the Internet) for malicious intent.”
“White Hat – Someone who has a clearly defined code of ethics and works with a corporation, manufacturer, or owner to improve discovered security weaknesses.”
“Penetration Test – Evaluating the security of a computer system, network, or web application by simulating an attack by a black hat hacker.”
“Vulnerability Assessment – The process of identifying, quantifying, and prioritizing the vulnerabilities in a computer system, network, or web application.”
“Incident Management – Analyzing a computer security breach, determining the breadth of the breach, and taking corrective action.”
“Security Policy – Defines the goals and elements of an organization's computer systems. Security policies are enforced by organizational policies or security mechanisms.”