1
00:00:00,360 --> 00:00:08,280
Great, now let's get started with the actual definition of information security. Information security,

2
00:00:08,280 --> 00:00:16,890
sometimes abbreviated as infosec, is a set of practices intended to keep data secure from unauthorized

3
00:00:16,890 --> 00:00:24,360
access or alterations, both when it's being stored and when it's being transmitted from one machine

4
00:00:24,720 --> 00:00:28,590
to physical location or another machine on a different computer.

5
00:00:29,280 --> 00:00:36,870
You might sometimes see it referred to as data security, as knowledge has become one of the 21st century's

6
00:00:36,870 --> 00:00:38,620
most important assets.

7
00:00:39,120 --> 00:00:46,530
I hope you remember as its efforts to keep information secure have correspondingly become increasingly

8
00:00:46,740 --> 00:00:53,910
important now because information technology has become the accepted corporate buzz phrase.

9
00:00:54,240 --> 00:00:57,510
That means basically computers and related stuff.

10
00:00:58,020 --> 00:01:05,550
You will see sometimes information security and cybersecurity used interchangeably, though strictly

11
00:01:05,550 --> 00:01:10,260
speaking, as I already told you, I would differentiate between these two terms.

12
00:01:10,680 --> 00:01:18,750
Cybersecurity is the broader practice of defending IP assets from attacks and information security,

13
00:01:18,750 --> 00:01:22,410
the specific discipline under the cybersecurity umbrella.

14
00:01:23,160 --> 00:01:25,590
Now, obviously, there's some overlap here.

15
00:01:26,070 --> 00:01:32,880
You can't secure your data transmitted across an insecure network or manipulated by a leaky application,

16
00:01:33,540 --> 00:01:39,660
as there is plenty of information that isn't stored electronically that also needs to be protected.

17
00:01:40,020 --> 00:01:42,770
Does it for securities fraud?

18
00:01:42,780 --> 00:01:50,460
It is to necessity being the security perspective to make it broader and available for every organization.

19
00:01:51,540 --> 00:01:57,030
Information security determines what information needs to be protected, why

20
00:01:57,030 --> 00:02:03,300
it should be protected, how it should be protected, and what the information should be protected.

21
00:02:04,290 --> 00:02:09,810
These four questions are very important when it comes to information security.

22
00:02:10,230 --> 00:02:12,330
What information needs to be protected?

23
00:02:12,750 --> 00:02:14,280
Why it should be protected?

24
00:02:14,460 --> 00:02:21,570
How and what now are protecting the organization against threats and vulnerabilities?

25
00:02:21,930 --> 00:02:29,580
Information security reduces the risk and the impact to its asset through a risk assessment.

26
00:02:29,970 --> 00:02:37,770
Threats to assets are identified, vulnerability to a likelihood of occurrence is evaluated, and the

27
00:02:37,770 --> 00:02:40,170
potential impact is then estimated.

28
00:02:41,130 --> 00:02:44,040
Now ISO/IEC 27005.

29
00:02:44,520 --> 00:02:47,220
That is the information security risk management.

30
00:02:47,790 --> 00:02:55,530
Information security is the preservation of confidentiality, integrity and availability of information.

31
00:02:56,190 --> 00:03:04,380
In addition to this, properties of confidentiality, integrity and availability, accountability,

32
00:03:04,380 --> 00:03:11,610
authenticity, authorization, non-repudiation and reliability can also be involved.

33
00:03:12,120 --> 00:03:15,750
But ultimately it comes down with a triplet of the CIA.

34
00:03:16,170 --> 00:03:23,550
That is, the confidentiality, integrity and availability of information security is very important.

35
00:03:24,030 --> 00:03:31,470
Now, as I said, the basic components of information security are most often summed up by the CIA triad.

36
00:03:32,700 --> 00:03:39,570
In an ideal world, your data should always be kept confidential in its current state and available.

37
00:03:40,080 --> 00:03:45,540
Of course, you often need to make choices about which information security principles to emphasize.

38
00:03:46,230 --> 00:03:51,810
If you are storing sensitive medical information, for instance, you'll focus on confidentiality.

39
00:03:52,140 --> 00:03:59,550
But as a financial institution might emphasize data integrity to ensure that nobody's bank account is

40
00:03:59,550 --> 00:04:02,040
credited or debited incorrectly.

41
00:04:04,320 --> 00:04:11,020
Let us have a look at some other definitions now, governance of information security, governance in

42
00:04:11,020 --> 00:04:19,440
the system by which organizations information security activities are directed and controlled information

43
00:04:19,440 --> 00:04:28,200
security, even if it is an event occurrence of a system service or a network state indicating a possible

44
00:04:28,200 --> 00:04:36,300
breach of information security policy or failure of controls, or a previously unknown situation that

45
00:04:36,300 --> 00:04:37,350
can be security.

46
00:04:37,350 --> 00:04:41,010
Relevant information security incident.

47
00:04:41,880 --> 00:04:50,820
Now, incident is a single or a series of unwanted or unexpected information security events that have

48
00:04:50,820 --> 00:04:57,240
a significant probability of compromising business operations and threatening the information security

49
00:04:57,240 --> 00:04:58,660
of your organization.

50
00:04:59,490 --> 00:05:05,760
And as I explained earlier, non-repudiation is the ability to prove the occurrence of a claimed event

51
00:05:05,760 --> 00:05:09,480
or the action and its originating entities.

52
00:05:10,320 --> 00:05:12,800
Well, this was it for this lecture.

53
00:05:13,110 --> 00:05:20,490
The main focus of this lecture was for you to understand the definition of information security, and

54
00:05:20,490 --> 00:05:22,110
I hope you understood it.

55
00:05:22,410 --> 00:05:28,710
And all that points to the CIA triad, which we'll be exploring in the next lecture.