Cyber Security Foundations

Organizational Controls: Ensuring Effective Information Security Management

In Lecture 13, we delve into the organizational controls specified in the 2022 edition of ISO/IEC 27002. These controls are fundamental to maintaining cybersecurity within an organization. This article provides a detailed breakdown of key points discussed, emphasizing the importance of these controls and their implementation. Key Concepts: Organizational Controls. Definition: Organizational controls are policies, procedures, […]


Security Controls: Essential Measures for Protecting Information Assets

In the realm of cybersecurity, implementing appropriate security controls is crucial for safeguarding information assets. Lecture 12 focuses on understanding the various types of security controls, their importance, and how they are categorized. This article breaks down the key points discussed, highlighting the importance of selecting controls based on risk assessment and various frameworks for


Security for Information Processing Resources: Key Measures and Best Practices

Securing information processing resources, such as computing devices and storage systems, is vital for any organization’s cybersecurity strategy. This article explores the specific threats to these resources, with a focus on denial of service (DoS) attacks, and outlines various security controls to mitigate these risks. Key Concepts: Information Processing Resources. Definition: Information processing resources encompass computing


Understanding Types of Security Threats and Vulnerabilities

In today’s digital age, comprehending the various types of security threats and vulnerabilities is essential for protecting information assets. This article delves into the key security threats, offers guidance from reputable sources such as the UK National Cyber Security Centre (NCSC) and the US National Institute for Standards and Technology (NIST), and provides practical applications


Security for Data at Rest: Ensuring Safe Data Storage

Overview Lecture 10 focuses on understanding the security measures necessary to protect data while it is at rest, i.e., stored on various devices and media. This lecture discusses the specific threats to data at rest and the security controls that can be implemented to mitigate these risks. Here is a detailed breakdown of the key


Security for Data in Motion: Ensuring Safe Data Transmission

Lecture 9 focuses on understanding the security measures necessary to protect data in motion, i.e., data being transmitted across a network. This lecture covers the threats to data in motion, the role of cryptography, and the use of security protocols. Here is a detailed breakdown of the key points discussed, along with references to relevant


Types of Information Assets: Understanding and Securing Organizational Data

Overview Lecture 8 focuses on understanding the different types of information assets within an organization and the specific security controls required to protect them. This article provides a detailed breakdown of key points discussed, including types of information, their locations, processing systems, and the security considerations needed to protect them. Key Concepts 1. Information Assets


Applying the CIA Triad to an Organization

The application of the CIA triad (Confidentiality, Integrity, Availability) within an organization involves implementing comprehensive security controls and policies. Two primary references for these controls are ISO/IEC 27002 and NIST Special Publication 800-53. This article provides an in-depth look at how these standards help manage and apply the CIA principles in organizational settings. Key Standards


Using CIA to Build Robust Cybersecurity Measures

Overview Lecture 7 focuses on how the CIA triad (Confidentiality, Integrity, Availability) can be applied to develop strong cybersecurity measures within an organization. This article discusses the role of the CIA triad in various aspects of cybersecurity, including risk management, security controls, and security audits, along with references for further reading. Key Concepts 1. CIA


Exploring Alternative Approaches to the CIA Triad

Overview The CIA triad (Confidentiality, Integrity, Availability) is foundational to cybersecurity, but other models and frameworks expand on it to address limitations and capture additional security aspects. This article explores alternative approaches and provides references for further reading. Alternative Approaches to CIA 1. NIST Special Publication 800-33 Reference: Summary: NIST Special Publication 800-33 expands on
