Information_Security_Task1

Information Security

Task 1 Recognizing the importance of information security

Jenniffer Ruiz Mendoza Group: 202016905_58

What is Information security?

Information security are the mechanisms that an organization implements to be protected against external attacks, having controls over each component like information; this helps outsiders or unauthorized people to make use of it. Executing controls and/or policies in a preventive manner helps us to have better security in our information systems; thereby, maintaining its integrity, availability and privacy.

What are the pillars of information?

Having principles or pillars in the information is important, they are a basis for information management and security since this is the most important capital that an organization has, it is essential to have each of them and take into account the characteristics that compose them In order to know how we should approach them, the pillars are the following:

it is an effort that the organization must have so that the information must be accessed in a controlled manner and by privileges by those who require it and the type of information to which they must access this with the support of policies or tools.

Confidentiality

Availability

Integrity

Having the information and the system available in the organization does not mean that it must be manipulated by everyone, but should be available just by the time it must be consulted and not blocked by possible cyber-attacks.

Ensure that the information is not manipulated by people who are not authorized, maintain the original form of the system or data, and not alter it for this may incur serious faults, as well as possible damage or elimination of this information.

3. What is a vulnerability and a threat?

A vulnerability is a weakness or gap that allows a cybernaut or virus to compromise the integrity, availability and confidentiality of information, for the above it is important to have updated systems (Patches and tools).A threat is an action by a third party, virus or human error that compromises some component or information of the organization that can have an impact.

What is risk management in computer security?

determine

They are methods that help us identify the risk of the information or the system through four phases: determine, analyze, assess and classify; all this based on security policies and standards in order to empower organizations and adopt best practices.

analyze

assess

classify

5. What are security controls?

They are all the tools that allow us to secure and control access to the information, the applications and the systems within the organization as well as guarantee and mitigate possible information leaks and/or damage to the logical infrastructure.

Conclusions

Security plays a vitally important role within the organization and without it our organization would be at risk and vulnerable.

The correct use of the tools allow the monitoring and control of access to the organization's information and system.

Keeping platforms updated with patches helps to close gaps or vulnerabilities that may arise and thus reduce the risk of being attacked.

Integrity, availability and confidentiality are the most important pillars regarding the security of the organization.

Bibliography

• The three-pillar approach to cyber security: Data and information protection, Tomado
• https://www.dnv.com/article/the-three-pillar-approach-to-cyber-security-data-and-information-protection-165683#:~:text=The%20CIA%20triad%20refers%20to,fundamental%20objective%20of%20information%20security.
• La diferencia entre amenaza, vulnerabilidad y riesgo, y por qué necesita saber - Connie Glover, tomado https://www.travasecurity.com/resources/the-difference-between-threat-vulnerability-and-risk-and-why-you-need-to-know
• Gestión de riesgo en la seguridad informática tomado - https://protejete.wordpress.com/gdr_principal/gestion_riesgo_si/
• Uiversidad Piloto de Colombia, Pinzón iraldo, 2021 tomado http://repository.unipiloto.edu.co/bitstream/handle/20.500.12277/2840/Gestion%20del%20riesgo%20en%20seguridad%20informatica.pdf?sequence=1&isAllowed=y#:~:text=INTRODUCCI%C3%93N%20La%20gesti%C3%B3n%20del%20riesgo,y%20todos%20los%20activos%20inform%C3%A1ticos
• Auditool Guillermo Casal (febrero 2022)– Tomado https://www.auditool.org/blog/auditoria-de-ti/8317-que-son-los-controles-de-seguridad-de-ti

Thank You