Understand security management concepts and principles including CIA model (Confidentiality, Integrity and Availability)
Identify Security Controls types and how they work
Discuss the organizational Security Model
Be familiar with the Information Security “Planning Horizon”
Discuss Data Classification and Labelling
Discuss the role employment policies and practices in Information Security
Define Information Security roles within an organization
Identify and differentiate between policies, standards, baselines, guidelines and procedures
Classify risk management using quantitative and qualitative assessments Understand the importance of security awareness training
Fundamental Principles of Security
•There are 3 main principles in all security programs:
Availability: Prevents disruption of services and productivity. Examples: Redundancy, backup systems
Integrity: Prevents unauthorized modification of systems and Information. Examples: Intruder detection and hashing
Confidentiality: Prevents unauthorized disclosure of sensitive Information. Examples: encryption, proper personal training
DOMAIN 2: ASSET SECURITY
Understanding Commercial and Government Data Classification
Establishing Ownership of Data
Addressing Privacy Issues
Managing Records Retention
Identifying Appropriate Data Security Controls
Ensure Proper Handling of sensitive Information Assets
Data Classification
Unclassified – The lowest government data classification level is Unclassified, disclosure causes no harm to national security
Sensitive but Unclassified (SBU) – Sensitive but Unclassified information is a common modifier of unclassified information. It generally includes information of a private or personal nature. Examples include test questions, disciplinary proceedings, and medical records.
Confidential – Confidential information is information that, if compromised, could cause damage to national security. Confidential information is the lowest level of classified government information.
Secret – Secret information is information that, if compromised, could cause serious damage to national security. Secret information must normally be accounted for throughout its life cycle, all the way to its destruction.
Top Secret – Top Secret information is information that, if compromised, could cause grave damage to national security. Top Secret information may require additional safeguards, such as special designations and handling restrictions.