4.1 SECURITY POLICY
APPLY FILE AND FOLDER PERMISSION

Definition: Setting access controls on files and folders to specify who can view, modify, or delete them.

Best Practices:
- Least Privilege: Grant users only the access they need for their job, and remove it when the need ends.
- Access Control Lists (ACLs): Use ACLs to manage permissions per user or group rather than file by file.

Permissions:
- Read: Allows users to view the contents of a file or folder.
- Write: Permits users to modify or add content to a file or folder.
- Execute: Allows users to run executable files or scripts and to traverse directories.
- Full Control: Provides all available permissions, including the ability to change permissions, take ownership, and delete files or folders.
APPLY FILE AND FOLDER PERMISSION IN WINDOWS

Managing file and folder permissions in Windows ensures that only authorized users can access, modify, or delete data. Windows uses NTFS (New Technology File System) permissions to control access, which lets administrators set specific access levels for files and folders.

Best Practice: Use NTFS permissions for precise control and combine them with Share permissions for network access. When a folder is reached over the network both sets are checked and the more restrictive one wins, so keep Share permissions simple and do the fine-grained work in NTFS.

FEATURE           | NTFS PERMISSIONS                                                         | SHARE PERMISSIONS
Applied To        | Local and network users                                                  | Network users only
Permission Levels | Full Control, Modify, Read & Execute, List Folder Contents, Write, Read  | Full Control, Change, Read
Granular Control  | Yes (per user/group, on each file or folder)                             | Per share only (one rule for everything under it)
Inheritance       | Supports inheritance                                                     | No inheritance
STANDARD NTFS PERMISSIONS

Windows provides six standard NTFS permission levels:

PERMISSION           | DESCRIPTION
Full Control         | Grants complete access, including changing permissions and taking ownership
Modify               | Allows reading, executing, writing, and deleting files
Read & Execute       | Opens and runs files but prevents modifications
List Folder Contents | Allows viewing folder contents (applies to folders only)
Read                 | Enables viewing files and their attributes but no modifications
Write                | Allows creating files and writing to them, but not deleting them

Important: Deny overrides Allow only at the same level of the ACL. Windows evaluates explicit permissions (set on the object itself) before inherited ones, and within each level Deny before Allow. An Allow set directly on a folder therefore beats a Deny inherited from its parent, while an Allow from one group membership is blocked by a Deny from another group at the same level.
HOW TO MODIFY NTFS PERMISSION

Using Windows File Explorer:
1. Right-click the file or folder -> select Properties.
2. Click the Security tab -> click Edit.
3. Select the user or group -> modify permissions as needed.
4. Click Apply -> click OK.

Using the Command Line (icacls command):
Modify file permissions using the icacls command, which can grant, deny, and remove entries, change inheritance, and save an ACL to a file so it can be restored if a change goes wrong.

Inheritance: Permissions set on a parent folder are automatically applied to its subfolders and files.

Effective Permissions: If a user is a member of several groups, their actual permissions are the union of the Allow entries for the user and all of those groups, minus anything removed by a Deny entry that applies at the same or an earlier level. The Advanced security settings dialog has an Effective Access tab that shows the result for a chosen user.

To disable inheritance:
Right-click folder -> Properties -> Security tab -> Advanced -> Disable Inheritance, then choose whether to convert the inherited permissions into explicit ones or remove them entirely.
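The rule "Deny overrides Allow" is easy to state and easy to get wrong, so here is a small model of how NTFS actually combines access control entries (ACEs) into a user's effective permissions. This is an added example, not code from the original slides; the folder, the group names (Users, Interns, Finance-RW) and the account names are made up, and only the five basic rights are modelled.

```python
from dataclasses import dataclass

# Added example: a model of NTFS effective-permission evaluation.
# Names and the sample ACL are constructed for illustration.

@dataclass(frozen=True)
class Ace:
    """One access control entry."""
    principal: str        # user or group the entry applies to
    rights: frozenset     # subset of {"read", "execute", "write", "delete", "change_permissions"}
    allow: bool           # True = Allow entry, False = Deny entry
    inherited: bool       # False = set explicitly on this object, True = inherited from a parent


def effective_rights(user, groups, acl):
    """Return the set of rights `user` (a member of `groups`) really has on an object.

    Windows checks ACEs in canonical order: explicit Deny, explicit Allow,
    inherited Deny, inherited Allow.  For each right, the FIRST entry in that
    order that mentions it decides.  So Deny beats Allow only at the same
    level; an explicit Allow beats an inherited Deny.
    """
    principals = {user, *groups}
    relevant = [a for a in acl if a.principal in principals]
    # sort key: explicit (False) before inherited (True); Deny (False) before Allow (True)
    ordered = sorted(relevant, key=lambda a: (a.inherited, a.allow))
    decided = {}
    for ace in ordered:
        for right in ace.rights:
            decided.setdefault(right, ace.allow)   # first decision wins
    return {right for right, allowed in decided.items() if allowed}


def can(user, groups, acl, right):
    """True if the user's effective rights include `right`."""
    return right in effective_rights(user, groups, acl)


MODIFY = frozenset({"read", "execute", "write", "delete"})
READ_EXECUTE = frozenset({"read", "execute"})

# Constructed ACL for a folder such as C:\Data\Finance:
FINANCE_ACL = [
    Ace("Users", READ_EXECUTE, allow=True, inherited=True),     # inherited from C:\Data
    Ace("Interns", MODIFY, allow=False, inherited=True),        # Deny set on C:\Data
    Ace("Finance-RW", MODIFY, allow=True, inherited=False),     # set on the Finance folder itself
    Ace("contractor01", frozenset({"write", "delete"}), allow=False, inherited=False),
]

if __name__ == "__main__":
    for user, groups in [("alice", {"Users", "Finance-RW"}),
                         ("contractor01", {"Users", "Finance-RW"}),
                         ("intern", {"Users", "Interns"}),
                         ("bob", {"Interns", "Finance-RW"})]:
        print(f"{user:13s} {sorted(effective_rights(user, groups, FINANCE_ACL))}")
```

In the sample ACL, bob is both an intern (inherited Deny) and a member of Finance-RW (explicit Allow): the explicit Allow is evaluated first, so he keeps Modify. The plain intern loses everything because the inherited Deny and the inherited Allow sit at the same level, where Deny wins.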
TEST YOUR KNOWLEDGE

1. To improve security, what is the best practice for managing passwords?
A. Use a simple, short password that is easy to remember
B. Use a password manager to create and store a unique, complex password for each account
C. Write down all your passwords in a notebook
D. Use the same password for all accounts

2. Which of the following best describes the purpose of an Access Control List (ACL) for managing files and folders?
A. To automatically encrypt all files and folders on a network
B. To create a master password for all user accounts
C. To track and record every action performed by users on a network
D. To provide a list of permissions that can be applied to specific users or groups, offering fine-grained control
ANSWERS

1. B. A password manager creates and stores a unique, complex password for each account.
2. D. An ACL is a list of permissions applied to specific users or groups, offering fine-grained control.
APPLY PROTECTING DATA

Definition: Protecting data involves implementing measures to safeguard information from unauthorized access, theft, loss, or corruption. The goal is to ensure data confidentiality, integrity, and availability.

Key Methods Used in Protecting Data:
- Data Encryption
- Security Tokens
- Biometrics
- Multi-Factor Authentication
DATA ENCRYPTION

Definition: The process of converting data into a coded format that can only be read (decrypted) by those who hold the right key.

TYPES OF ENCRYPTION
- Symmetric Encryption: Uses a single key for both encryption and decryption (e.g., AES). Fast, but the key must be shared securely with every party that needs it.
- Asymmetric Encryption: Uses two keys, a public key for encryption and a private key for decryption (e.g., RSA). Slower, so it is normally used to protect or exchange a symmetric key rather than to encrypt bulk data.

IMPORTANCE OF ENCRYPTION
- Ensures that even if data is intercepted, it remains unreadable without the decryption key.
- Protects sensitive data such as credit card numbers and personal information. Stored passwords are the exception: they should be hashed with a slow, salted algorithm rather than encrypted, so that nobody, not even the administrator, can recover them.

EXAMPLE USE CASES
- Encrypting communication over the internet (e.g., HTTPS).
- Encrypting files on a hard drive (e.g., BitLocker for Windows).
SECURITY TOKENS

Definition: Devices or software that generate one-time codes or credentials used for authentication.

TYPES OF SECURITY TOKENS
- Hardware Tokens: Small physical devices that generate a one-time passcode (e.g., RSA SecurID).
- Software Tokens: Mobile apps or programs that generate time-based passcodes (e.g., Google Authenticator, Microsoft Authenticator).

IMPORTANCE OF SECURITY TOKENS
- Adds a layer of security beyond the password: a stolen or guessed password alone is not enough to log in.
- Helps protect data by ensuring that only authorized individuals can access systems or data. Each code is valid for one short time window and should be accepted only once, so a code that is captured is useless once it expires or has been used.

EXAMPLE USE CASES
- Logging in to online banking or corporate networks.
- Accessing cloud services that require multi-factor authentication (MFA).
BIOMETRICS

Definition: Authentication based on a person's unique physical or behavioral characteristics (something you are), rather than on something they know or something they hold.

TYPES OF BIOMETRICS
- Fingerprint Recognition: Scanning and analyzing the unique patterns of a person's fingerprint.
- Facial Recognition: Using facial features for identification, commonly found in smartphones and security systems.
- Iris/Retina Scanning: Scanning the unique patterns in a person's eyes.
- Voice Recognition: Analyzing the voice patterns and tone of an individual.

IMPORTANCE OF BIOMETRICS
- Strong identification because the traits are unique to each individual and hard to replicate. Unlike a password, however, a biometric cannot be changed if it is copied, so systems store a derived template rather than the raw image and usually pair biometrics with another factor.
- Provides convenient authentication (e.g., unlocking smartphones with fingerprints).

EXAMPLE USE CASES
- Unlocking devices (e.g., iPhones, Android phones) using fingerprint or face recognition.
- Accessing restricted areas in high-security buildings using retina or voice recognition.
MULTI-FACTOR AUTHENTICATION (MFA)

Definition: A security measure that requires two or more different types of verification (e.g., password, security token, biometric scan) before granting access.

TYPES OF AUTHENTICATION FACTORS
- Something you know: A password or PIN.
- Something you have: A security token or mobile device.
- Something you are: Biometric data (e.g., fingerprint, facial recognition).
- Somewhere you are: Location-based checks (e.g., IP address or GPS), usually treated as a supporting signal rather than a factor on its own.

IMPORTANCE OF MFA
- Enhances security by requiring several different kinds of evidence, so a single compromised factor (e.g., a phished password) is not enough to gain access. Two factors of the same type, such as a password plus a PIN, do not count as MFA.
- Reduces the risk of unauthorized access, especially in high-stakes environments.

EXAMPLE USE CASES
- Accessing bank accounts or online services that require a password plus a one-time code from an authenticator app. Codes sent by SMS also count, but are the weakest option because a phone number can be hijacked.
- Logging in to corporate systems using a combination of password, fingerprint, and a token.
TEST YOUR KNOWLEDGE

1. What is the main difference between a hardware token and a software token?
A. Hardware tokens are physical devices, while software tokens are apps that create passcodes.
B. Hardware tokens need the internet, software tokens do not.
C. Hardware tokens store passwords, software tokens store fingerprints.
D. Hardware tokens are less secure than software tokens.

2. What does biometric authentication use to verify a person's identity?
A. Passwords
B. Security questions
C. Physical traits like fingerprints or face recognition
D. One-time passcodes
ANSWERS

1. A. Hardware tokens are physical devices, while software tokens are apps that create passcodes.
2. C. Biometric authentication uses physical traits like fingerprints or face recognition.
4.2 SECURITY PROCEDURE
SECURITY PROCEDURES AND POLICIES

Definition: Security procedures and policies are formal guidelines established to protect an organization's information systems and data. They define how the various aspects of security are managed, ensuring consistent and effective protection against threats and vulnerabilities.

SECURITY PROCEDURES
1. Acceptable Use Policy
2. Physical Access Control Policy
3. Hiring Policy
4. Termination Policy
5. Ethics Policy
6. Need to Know Policy
7. Separation of Duties Policy
8. Document Disposal and Destruction Policy
1. ACCEPTABLE USE POLICY (AUP)

Definition: An AUP is a document that outlines what employees are and are not allowed to do with company assets, such as computers, networks, and email. It is a rulebook for using company technology.

Purpose: To protect the organization's resources from misuse and to prevent security breaches, legal issues, and loss of productivity.

Example: An AUP would state that employees cannot use company computers to download illegal movies or visit inappropriate websites.

Note: Many companies include a clause in their Acceptable Use Policy stating that there is no expectation of privacy when using company-owned equipment, even for personal email.
2. PHYSICAL ACCESS CONTROL POLICY

Definition: These policies define how people are allowed to physically enter and move around a building or a secure area. They control who can physically be where.

Purpose: To protect sensitive equipment, data centers, and offices from unauthorized access, theft, or damage.

Example: Requiring employees to use a keycard to enter the office and a separate code to get into the server room.

Note: Advanced physical access control systems use biometrics such as fingerprints or iris scans. Because the trait is tied to one person it cannot be lent or lost like a keycard, although sensors can still be fooled with copies, which is why high-security sites pair a biometric with a badge or PIN.
3. HIRING POLICY

Definition: The rules and procedures a company follows when recruiting and bringing on new employees.

Purpose: To ensure that the right people are hired for the right jobs and to confirm that new hires do not pose a security risk to the organization. This often includes background checks.

Example: A policy might require a background check for all new hires and a credit check for anyone who will be handling company finances.

Note: The first modern background checks for employment became popular in the early 20th century, particularly for jobs in banking and government.
4. TERMINATION POLICY

Definition: A set of procedures for when an employee leaves the company, whether they resign or are dismissed.

Purpose: To ensure that all of the departing employee's access to company systems, data, and physical locations is revoked immediately, so the departure does not become a security risk.

Example: A termination policy would state that an employee's access to email and the company network is cut off the moment they are officially terminated. In practice that means disabling (not deleting) their accounts so data and logs are preserved, collecting devices and badges, and rotating any shared passwords they knew.

Note: Some companies have a "clean desk" policy under which employees may not leave sensitive documents on their desks at the end of the day; it becomes a key part of the termination process to ensure no physical data is left behind.
5. ETHICS POLICY

Definition: A document that outlines the company's core values and sets expectations for employee behavior, such as honesty, integrity, and fairness.

Purpose: To guide employees in making ethical decisions and to maintain a positive and trustworthy reputation for the company.

Example: An ethics policy would prohibit employees from accepting expensive gifts from a vendor or supplier.

Note: The earliest forms of corporate ethics policies can be traced back to codes of conduct for merchants and traders, long before the digital age.
6. NEED TO KNOW POLICY

Definition: A policy stating that employees should only have access to the information, data, or systems that are strictly necessary for them to do their job.

Purpose: To limit the impact of a data breach by minimizing the number of people who have access to sensitive information.

Example: A marketing employee would have access to marketing data but would not be allowed to view the company's confidential financial records.

Note: This concept is a fundamental principle of military and government security, dating back to wartime intelligence operations where compartmentalization was critical to national security.
7. SEPARATION OF DUTIES POLICY

Definition: A security policy that ensures no single person has enough control to complete a critical or sensitive task on their own. The work must be divided among multiple people.

Purpose: To prevent fraud, theft, and errors by requiring two or more people to approve or complete a task.

Example: The person who processes invoices is not the same person who can approve and issue payments.

Note: The idea behind this policy is ancient and can be seen in historical practice, such as a king requiring both a scribe and a treasurer to sign off on a spending order.
8. DOCUMENT DISPOSAL AND DESTRUCTION POLICY

Definition: These policies provide clear rules on how to properly discard or destroy documents and digital media that are no longer needed.

Purpose: To prevent confidential information from falling into the wrong hands after it has been discarded.

Example: Shredding all paper documents that contain sensitive customer information instead of simply throwing them in the trash.

Note: Dragging a file to the "Recycle Bin" on your computer does not actually delete it. The data remains on the drive until it is overwritten, which is why security teams recommend physically destroying old drives or using dedicated software to wipe them. On SSDs, overwriting is unreliable because the drive decides where data lands, so the drive's built-in secure-erase command, or full-disk encryption followed by destroying the key, is the dependable option.
TEST YOUR KNOWLEDGE

1. Which of the following is the primary purpose of an Acceptable Use Policy (AUP)?
A. To define employees' work hours and break times
B. To provide a rulebook for using company technology and assets
C. To establish a company's mission statement
D. To outline the company's dress code

2. A keycard is an example of a control used to enforce which type of policy?
A. Data Backup Policy
B. Privacy Policy
C. Acceptable Use Policy
D. Physical Access Control Policy
ANSWERS

1. B. An AUP provides a rulebook for using company technology and assets.
2. D. A keycard enforces a Physical Access Control Policy.
4.3 PRIVILEGE MANAGEMENT
DEFINITION OF PRIVILEGE MANAGEMENT

Definition: Privilege management involves controlling and overseeing user permissions to ensure that individuals have the appropriate level of access to systems and data. It is about managing who can access which resources and what they can do with them, which helps protect sensitive information and maintain system security.

PRIVILEGE MANAGEMENT
1. User and Group Management
2. Single Sign-On
3. Auditing (Privilege, Usage, Escalation)

Note: Organizations often have two to three times more privileged accounts than they have individual employees. In addition to human users, powerful accounts are created for machines, applications, and services to perform critical tasks, and all of them need to be managed and secured to prevent a breach.
1. USER AND GROUP MANAGEMENT
User Management

Definition: Setting up user accounts and deciding what each person can see or do on the system.

Creating User Accounts: A user account identifies and authenticates an individual. Each account should have a unique identifier (e.g., username, email) and a secure authentication method (e.g., password, biometrics). Shared accounts undermine accountability because actions cannot be traced to one person.

User Roles and Permissions: Each user is assigned roles and permissions that define the level of access they have to system resources, such as files, folders, applications, and networks.
- Administrator: Full control over system configuration and management. Administrators should use a separate standard account for everyday work and the privileged account only when needed.
- Standard User: Limited permissions for day-to-day activities (e.g., viewing and editing files).
- Guest: Minimal access for temporary or external users.

User Account Management Tools:
- Windows: Active Directory (AD) for domain accounts; Local Users and Groups (lusrmgr.msc) and the net user / net localgroup commands for local accounts.
- Linux: the /etc/passwd, /etc/shadow and /etc/group files, managed with the useradd, usermod, userdel, groupadd and gpasswd commands.
Group Management

Definition: Organizing users into groups based on their roles (such as a marketing team or IT staff) and granting the group access. This makes it easier to manage permissions for many users at once.

Types of Groups:
- Security Groups: Used to assign permissions to resources like files, printers, and applications.
- Distribution Groups: Used for sending email to multiple users (e.g., mailing lists); they cannot be used to grant permissions.

Group Membership: Users are assigned to one or more groups, and the permissions assigned to a group apply to all of its members.
- Local Groups: Specific to one computer or server.
- Domain Groups: Apply across a network domain (e.g., in Active Directory).

Group Management Best Practices:
- Apply least privilege: give a group only the permissions its role requires.
- Regularly review and update group memberships, paying particular attention to privileged groups such as Domain Admins, sudo or wheel.
- Implement role-based access control (RBAC): grant permissions to roles (groups), then manage access by changing membership rather than by editing individual ACLs.
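The user and group slides name the Linux account files, /etc/passwd and /etc/group. The following added example (not part of the original slides) parses both, works out each account's primary and supplementary groups, and performs the membership review the best practices call for: flagging any non-root account with UID 0 and any account in a privileged group. The file contents are constructed for the example; on a real host you would read the actual files, and the group names treated as privileged are this example's choice.

```python
# Added example: reading /etc/passwd and /etc/group to review group membership.
# The two file bodies are constructed sample data, not taken from a real system.

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup-svc:x:0:1002:backup service:/var/backups:/bin/sh
guest:x:1003:1003::/home/guest:/usr/sbin/nologin
"""

GROUP = """\
root:x:0:
daemon:x:1:
sudo:x:27:alice,backup-svc
alice:x:1000:
bob:x:1001:
marketing:x:1002:bob,guest
finance:x:1004:alice
"""

# Groups whose membership grants administrative power on a typical Linux host (example's choice).
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "adm"}


def parse_passwd(text):
    """name:password:UID:GID:GECOS:home:shell  ->  {name: {...}}"""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def parse_group(text):
    """name:password:GID:member,member  ->  {name: {"gid": int, "members": set}}"""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = {"gid": int(gid), "members": set(filter(None, members.split(",")))}
    return groups


def groups_of(user, users, groups):
    """Primary group (the GID in passwd) plus supplementary groups (listed by name in group)."""
    gid = users[user]["gid"]
    primary = {g for g, info in groups.items() if info["gid"] == gid}
    supplementary = {g for g, info in groups.items() if user in info["members"]}
    return primary | supplementary


def review_accounts(users, groups):
    """Return (account, reason) findings a privilege review should look at."""
    findings = []
    for name, info in users.items():
        if info["uid"] == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        privileged = groups_of(name, users, groups) & PRIVILEGED_GROUPS
        if privileged and name != "root":
            findings.append((name, "member of privileged group(s): " + ", ".join(sorted(privileged))))
    return findings


if __name__ == "__main__":
    users, groups = parse_passwd(PASSWD), parse_group(GROUP)
    for name in users:
        print(f"{name:11s} {sorted(groups_of(name, users, groups))}")
    for account, reason in review_accounts(users, groups):
        print(f"REVIEW {account}: {reason}")
```

The sample data deliberately contains a service account, backup-svc, that was given UID 0 and a seat in the sudo group; either one alone makes it equivalent to root, which is exactly what a periodic membership review is meant to catch.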
TEST YOUR KNOWLEDGE

1. What is the primary purpose of user accounts?
A. To identify and authenticate an individual
B. To organize users into teams for projects
C. To assign permissions for many users at once
D. To create a mailing list for all employees

2. What is the primary benefit of organizing users into groups?
A. It ensures that no user can be a part of multiple teams
B. It makes it easier to track individual user activity
C. It is a requirement for using Windows or Linux systems
D. It simplifies the process of managing permissions for many users at once
ANSWERS

1. A. A user account identifies and authenticates an individual.
2. D. Groups simplify managing permissions for many users at once.
2. SINGLE SIGN-ON (SSO)

Definition: A system where you log in once and get access to multiple applications or systems without needing to log in again.

Purpose: Makes life easier for users because they do not have to remember multiple passwords, and lets IT manage access more efficiently from one place.

[Diagram: a single SSO login giving access to HR, Email, CRM, Services, Intranet, Finance, IT and Social Media applications]
2. SINGLE SIGN-ON (SSO)

How SSO Works:
1. The user logs in once to the SSO system (the identity provider).
2. The SSO system authenticates the user.
3. After successful authentication, the system grants the user access to the other integrated applications or services without requiring re-authentication.
SSO typically uses signed tokens (e.g., SAML assertions or OpenID Connect / OAuth 2.0 tokens) to pass authentication details between systems. Each application checks the token's signature, issuer, intended audience and expiry rather than asking for a password again.

Benefits:
- Convenience: Users only need to remember one set of credentials.
- Security: Less password fatigue leads to fewer weak passwords and less password reuse, and MFA has to be enforced in only one place.
- Efficiency: Centralized user management lets IT teams quickly provision or revoke access to many applications at once.

Challenges:
- Single Point of Failure: If the SSO service is compromised or unavailable, users may be locked out of all connected services.
- Security Concerns: Concentrating authentication in one place makes it a high-value target for attackers, so the identity provider must itself be protected with MFA and closely monitored.
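To make the token exchange concrete, here is an added example (not from the original slides) of the pattern in miniature: an identity provider authenticates once and issues a signed token in the style of a JWT (HS256), and each relying application verifies the signature, issuer, audience and expiry before trusting the claims. The shared key, the issuer URL and the application names are made up. Real deployments use a SAML or OpenID Connect library rather than hand-rolled tokens; the point here is what the library is checking on your behalf.

```python
import base64
import hashlib
import hmac
import json

# Added example: a minimal HS256-signed SSO token and its verification.
# Key, issuer and audience values are constructed for the example.


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """The SSO service: the only place the user types a password. Afterwards it
    issues short-lived tokens, one per application (audience)."""

    def __init__(self, key: bytes, issuer: str, ttl_seconds: int = 300):
        self.key, self.issuer, self.ttl = key, issuer, ttl_seconds

    def issue(self, subject: str, audience: str, now: int) -> str:
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"iss": self.issuer, "sub": subject, "aud": audience,
                  "iat": now, "exp": now + self.ttl}
        signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                         + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
        signature = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(signature)


def verify_token(token: str, key: bytes, issuer: str, audience: str, now: int):
    """Run by each application. Returns the claims, or None if anything is wrong.

    Order matters: the signature is checked BEFORE the payload is parsed, the
    algorithm is fixed rather than read from the token, and the audience check
    stops a token issued for HR from being replayed against Finance.
    """
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig_b64)):
            return None
        header = json.loads(_unb64url(header_b64))
        if header.get("alg") != "HS256":
            return None
        claims = json.loads(_unb64url(claims_b64))
    except ValueError:          # malformed base64 or JSON, wrong number of segments
        return None
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        return None
    if now >= claims.get("exp", 0):
        return None
    return claims


if __name__ == "__main__":
    KEY = b"shared-secret-between-idp-and-apps-32b"   # hypothetical; keep out of source control
    ISSUER = "https://sso.example.internal"
    idp = IdentityProvider(KEY, ISSUER)
    token = idp.issue("alice", audience="hr-portal", now=1_700_000_000)
    print("hr-portal     :", verify_token(token, KEY, ISSUER, "hr-portal", 1_700_000_010))
    print("finance-app   :", verify_token(token, KEY, ISSUER, "finance-app", 1_700_000_010))
    print("after expiry  :", verify_token(token, KEY, ISSUER, "hr-portal", 1_700_000_400))
```

The rejected cases in the demonstration are the ones that matter operationally: a token presented to the wrong application, a token presented after its five-minute lifetime, and (in the test) a token signed with a different key, which is what an attacker who has guessed the format but not the key would produce.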
TEST YOUR KNOWLEDGE

1. Which of the following is a key purpose of implementing an SSO solution?
A. To help users remember only one set of credentials and manage access more efficiently
B. To decentralize user management and increase IT workload
C. To increase the number of passwords a user must remember
D. To secure individual applications without any centralized management

2. Which of the following is a direct user-facing benefit of SSO?
A. The ability to install new software without IT approval
B. Less frequent need to log in and remember multiple passwords
C. Better antivirus protection
D. Improved network speed
ANSWERS

1. A. SSO lets users remember one set of credentials and lets IT manage access more efficiently.
2. B. Users log in less often and do not have to remember multiple passwords.
3. AUDITING

Definition: Auditing is the process of looking at who has access to what, what they are doing with that access, and making sure everything is aligned with the company's security rules. It provides valuable information for security monitoring, troubleshooting, and compliance reporting.

TYPES OF AUDIT LOGS
- Privilege: Checking who has access to what and making sure it is correct.
- Usage: Monitoring what users do with their access to catch unusual or unauthorized activity.
- Escalation: Reviewing situations where users obtain temporary or extra access, to ensure it is done properly and only when needed.
AUDIT LOG

Definition: Audit logs are records that document the activity performed by users on systems and networks. Auditing provides valuable information for security monitoring, troubleshooting, and compliance reporting.

WHY AUDIT LOGS ARE IMPORTANT
- Security: They help security teams detect suspicious activity. If an employee's account is used to access sensitive files late at night, the audit log captures it, flagging a potential breach.
- Compliance: Many regulations require organizations to maintain a record of data access and changes. Audit logs provide the evidence needed to prove compliance during an audit.
- Accountability: They create a transparent record of activity, which holds users accountable for their actions and can help resolve disputes.
- Troubleshooting: When something goes wrong, an audit log helps IT teams trace the sequence of events that led to a system failure or an error.
PRIVILEGE AUDITING

Definition: Tracks the assignment, modification, and usage of privileged accounts (e.g., Administrator, root).

What to Track: Changes to administrator roles, access to sensitive data, and use of elevated privileges.

Purpose: To ensure that privileged accounts are not misused or over-provisioned.
USAGE AUDITING

Definition: Tracks normal user activity such as file access, login attempts, and application usage.

What to Track: Logins and logouts, file modifications, unauthorized access attempts, and usage of system resources.

Purpose: To detect suspicious behavior and unauthorized access, and to ensure that users are adhering to company policies.
ESCALATION AUDITING

Definition: Tracks events where users escalate their privileges (e.g., from a normal user to administrator).

What to Track: Privilege escalations (through sudo commands or other means), roles assigned, and any changes made by escalated accounts.

Purpose: To ensure that privilege escalation is legitimate and authorized.
BEST PRACTICES IN AUDITING

- Centralized Logging: Use a central system (e.g., a SIEM, Security Information and Event Management) to aggregate and analyze audit logs from multiple devices, so an attacker who compromises one host cannot erase the evidence held elsewhere.
- Regular Reviews: Regularly review audit logs to identify unusual activity or policy violations.
- Real-Time Alerts: Set up real-time alerts for critical events such as unauthorized privilege escalation or access to sensitive data.
- Retention Policies: Define how long audit logs are retained and ensure they are protected from tampering.

Note: The word "audit" comes from the Latin "audire", meaning "to hear". In ancient times the auditor would literally listen as the financial accounts were read aloud to verify their accuracy.
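The auditing slides describe three things a SIEM rule would do with the same stream of events: record every escalation, alert in real time on suspicious ones, and spot unauthorized access attempts. This added example (not part of the original slides) runs those checks over a handful of constructed syslog-style lines in the format that sudo and OpenSSH actually write. The host name, user names, IP addresses, the list of sensitive paths and the "off hours" window are all this example's assumptions.

```python
import re
from collections import Counter

# Added example: escalation, sensitive-access and failed-login detection over audit log lines.
# SAMPLE_LOG is constructed for the example; the line formats mirror real sudo/sshd output.

SAMPLE_LOG = """\
Mar 12 02:14:05 fs01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar 12 02:14:30 fs01 sudo: contractor01 : command not allowed ; TTY=pts/1 ; PWD=/home/contractor01 ; USER=root ; COMMAND=/usr/bin/passwd root
Mar 12 09:05:11 fs01 sshd[2231]: Accepted publickey for bob from 10.0.0.5 port 50122 ssh2
Mar 12 09:05:40 fs01 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
Mar 12 09:06:02 fs01 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 4412 ssh2
Mar 12 09:06:04 fs01 sshd[2241]: Failed password for root from 203.0.113.9 port 4413 ssh2
Mar 12 09:06:07 fs01 sshd[2242]: Failed password for invalid user test from 203.0.113.9 port 4415 ssh2
"""

SENSITIVE_PATHS = ("/etc/shadow", "/etc/sudoers", "/var/backups")   # example's choice
OFF_HOURS_START, OFF_HOURS_END = 22, 6                               # 22:00 to 06:00

SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<proc>[\w-]+)(?:\[\d+\])?: +(?P<msg>.*)$")
SUDO = re.compile(r"^(?P<user>\S+) : (?:(?P<denied>command not allowed) ; )?"
                  r"TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
SSH_FAILED = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def is_off_hours(hour):
    return hour >= OFF_HOURS_START or hour < OFF_HOURS_END


def analyse(log_text, burst_threshold=3):
    """Return (escalations, alerts).

    escalations: every sudo event, allowed or denied (the escalation audit trail).
    alerts: (kind, who, detail) tuples that would be raised in real time.
    """
    escalations, alerts = [], []
    failures_by_ip = Counter()

    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        hour = int(m["ts"].split()[2].split(":")[0])

        if m["proc"] == "sudo":
            s = SUDO.match(m["msg"])
            if not s:
                continue
            denied = s["denied"] is not None
            escalations.append((s["user"], s["target"], s["cmd"], denied))
            if denied:
                alerts.append(("ESCALATION_DENIED", s["user"], s["cmd"]))
            elif any(path in s["cmd"] for path in SENSITIVE_PATHS):
                alerts.append(("SENSITIVE_AS_" + s["target"].upper(), s["user"], s["cmd"]))
            if is_off_hours(hour) and not denied:
                alerts.append(("OFF_HOURS_ESCALATION", s["user"], s["cmd"]))

        elif m["proc"] == "sshd":
            f = SSH_FAILED.match(m["msg"])
            if f:
                failures_by_ip[f["ip"]] += 1
                if failures_by_ip[f["ip"]] == burst_threshold:   # alert once, when the threshold is hit
                    alerts.append(("LOGIN_BURST", f["ip"], f"{burst_threshold} failed logins"))

    return escalations, alerts


if __name__ == "__main__":
    escalations, alerts = analyse(SAMPLE_LOG)
    for user, target, cmd, denied in escalations:
        print(f"escalation {'DENIED ' if denied else 'ok     '} {user} -> {target}: {cmd}")
    for kind, who, detail in alerts:
        print(f"ALERT {kind:22s} {who}: {detail}")
```

Bob's daytime package update is recorded in the escalation trail but raises no alert, which is the distinction the slides draw between escalation auditing (record everything) and real-time alerting (only the events worth waking someone for): reading /etc/shadow as root at 02:14, a refused attempt to reset the root password, and a burst of failed SSH logins from one address.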
TEST YOUR KNOWLEDGE

1. A real-time alert is most useful for which of the following events?
A. An authorized user downloads a file from a shared drive
B. A computer's operating system is updated during a scheduled maintenance window
C. A standard user logs into their account at 9:00 AM
D. An unauthorized user attempts to change an administrator's account settings

2. What does a security team do to prevent tampering with audit logs?
A. They store all logs on a single device that is not connected to the internet
B. They print all logs on paper and lock them in a safe
C. They define retention policies that ensure logs are protected and not changed
D. They manually review every log entry as it is created
ANSWERS

1. D. An unauthorized attempt to change an administrator's account settings is the kind of critical event a real-time alert should catch.
2. C. Retention policies define how long logs are kept and ensure they are protected from modification.
CHAPTER 4
4.4 EXERCISES
FUN EXERCISE
CHAPTER 5
INFORMATION ASSURANCE MANAGEMENT
5.1 RISK IDENTIFICATION, RISK ANALYSIS, AND RISK MANAGEMENT
5.2 INFORMATION ASSURANCE MANAGEMENT
5.3 PRACTICES, REGULATIONS AND PLAN INFORMATION ASSURANCE STRATEGY
5.4 EXERCISES
5.1 RISK IDENTIFICATION, RISK ANALYSIS, AND RISK MANAGEMENT
RISK IDENTIFICATION

DEFINITION: The process of finding and listing potential risks that could harm an organization or system.

PURPOSE: To understand what could go wrong so the organization can prepare.

EXAMPLE: A company identifies risks such as phishing emails, malware infections, or physical theft of devices.
RISK ANALYSIS

DEFINITION: The process of evaluating how serious each identified risk is by assessing its likelihood and potential impact. Risks are commonly scored by combining the two (for example, likelihood multiplied by impact) so they can be ranked.

PURPOSE: To prioritize risks and decide which ones need immediate action.

EXAMPLE: A phishing attack is rated high risk because it is likely to occur and could lead to a major data breach.
RISK MANAGEMENT

DEFINITION: The process of planning and taking action to reduce, eliminate, or otherwise handle the risks that have been identified and analyzed. The usual options are to mitigate the risk with controls, avoid the activity, transfer the risk (e.g., through insurance or a contract), or accept it with management sign-off.

PURPOSE: To ensure risks are controlled and minimized to protect the organization.

EXAMPLE: Mitigate the risk of phishing attacks by training employees to recognize phishing emails.
INFORMATION ASSURANCE VS INFORMATION SECURITY
INFORMATION ASSURANCE

DEFINITION: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for the restoration of information systems by incorporating protection, detection, and reaction capabilities.
INFORMATION ASSURANCE VS INFORMATION SECURITY (CONT.)
INFORMATION SECURITY

DEFINITION: The practice of protecting information from unauthorized access, disclosure, modification, destruction, or disruption. Its primary goal is to ensure the confidentiality, integrity, and availability of information, commonly referred to as the CIA triad: Confidentiality, Integrity, and Availability.