IT Security Fundamentals
This is a beginner-level course designed to provide you with an introduction to Information technology security concepts. The course will suit anyone interested in understanding the fundamentals of security concepts from a business and technology perspective.
In this course we will provide:
- An introduction to the concept of Information Security
- We will cover the basic concepts that pertain to Information Security
- We then begin to answer the question - what is information security and why do we need it?
- We then explore some of the frameworks, controls and activities we can implement to control information security
This is a beginner level course where having a basic understanding of computing concepts will be useful
Please reach out to us at firstname.lastname@example.org with any questions, comments or feedback.
Hello and welcome. In this course I will provide an introduction to the concept of Information Security. We will cover the basic concepts that pertain to Information Security.
There is a fair amount of terminology used when discussing IT security. I’ve included a glossary in the course materials to provide explanations to some of the terminology we may come across, so please read through that if you come across an unfamiliar term.
So first and foremost, what is information security and why do we need it?
Information security is the practice of protecting information by mitigating information risks.
It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection, recording or devaluation of information.
Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data - while maintaining a focus on efficient policy implementation, all without hampering organization productivity.
This is largely achieved through a structured risk management process.
Looking at the list on the screen, which of these concepts stands out to you the most as being the really important thing for Information Security? That allows an organization to function most optimally?
So when we look at these, these are the things that we say give up the importance of Information Security. You know then protecting the company data. Data is the key. It's what all companies have. It's what all organizations have. They all have data.If that data goes missing, and it's unable to be retrieved, that could be an organizations ability to continue trading full stop. You can't just built back data sets. Once they're gone, they're gone. Especially if they're ransomware and you're not paying the money.
Then obviously protecting the corporate systems that house that data. Maintaining the data availability. And we'll look at some of these concepts in a bit bigger detail.
Reputation. Market Reputation is an important one. Very important.
We have the Protecting Customer Data. This one is really important in this day and age.
Expecially now that GDPR's come into play. it's far more important for us to protect customer data. It can have huge implications as it pertains to meeting our legal requirements. And also general compliance. And then obviously the payments and fines. in that type of area as well. So there will always be customer data to be protected.
And then obviously if we do this right we're able to prepare for problems. And preparing for problems means that we can actually see stuff before it's about to happen, or be prepared for it before it's about to happen. And then we're able to respond, which enables us to stay in business.
So here's our definition of Information Security. This model is by Cherdantseva and Hilton. It's concerned with the development and implementation of security countermeasures of all available types, technical, organizational, human oriented, and legal, in order to keep information, and all its locations within and without the organization's perimeter, and consequently information systems where information is created, processed, stored, transmitted, and destructed, free from threats.
So there's a lot in that one little paragraph there about what Information Security actually is. But the bits that really jump out to me right there are the fact that it's at the same time technical, organizational, human oriented, legal. It's about where the data is created, where it's processed, the machines that it's processed in, and how we store it, how it's transmitted, what format it's actually in. And then how ultimately we get rid of the things.
A common security situation occurs when a business wants to retire and remove redundant computer hardware. To ensure proper destruction of data media companies engage specialists to remove the hardware and certify that all data has been removed from the storage medium.
A company will often receive a certificate that says, "Hey we've done what you've asked us to do." Now, you don't actually know that they've done whatever you’ve asked you to do. So that certificate is supposed to be your assurance that that's been the case, i.e. that they’ve removed all the data from the storage medium. So we take the certificate on trust. Unless we go and audit them and find out exactly how it's done. Which is what we can do.
If the company is untrustworthy, we can see situations when your hard drives and your information systems and data is resold. These situations have happened in the past. So we have to be very, very careful as to how we take care of our data. When it's on hard drives we have to think about situations where people have laptops. This is the reason why a business might use a service like BitLocker, and those other types of encryption technologies.
Originating from a systems administration/network architecture career, a solid part of his career building networks for educational institutes. With security being a mainstay his implementation he grew a strong passion for everything cyber orientated especially social engineering. The educational experience led to him mentoring young women in IT, helping them to begin a cyber career. He is a recipient of the Cisco global cyber security scholarship. A CCNA Cyber Ops holder and elected for the CCNP Cyber Ops program.